Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
vbc.exe

Overview

General Information

Sample Name:vbc.exe
Analysis ID:680430
MD5:2fd70987e440c0351b1ce6ba45568868
SHA1:1fbf7460b77d6335ca56f5dd0bf274049436ab62
SHA256:46b08ac7a1a467f9d8053aaf6853500a32fd5c4b1acd747a9a83134f59115424
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Writes to foreign memory regions
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Yara detected Generic Downloader
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • vbc.exe (PID: 6192 cmdline: "C:\Users\user\Desktop\vbc.exe" MD5: 2FD70987E440C0351B1CE6BA45568868)
    • powershell.exe (PID: 6492 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 6508 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\svyewSjGVGtgt" /XML "C:\Users\user\AppData\Local\Temp\tmp8F67.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • vbc.exe (PID: 6748 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)
      • explorer.exe (PID: 3808 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • WWAHost.exe (PID: 6432 cmdline: C:\Windows\SysWOW64\WWAHost.exe MD5: 370C260333EB3149EF4E49C8F64652A0)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.danetsystem.com/x8ut/"], "decoy": ["mUYLEBuVKFsO", "Bi9gZRFSHUmFLCtq/7U=", "FbmmfzSUYXSePwRymyniT3oEeK79", "udVNLrDQnqjROz4uqn9FqdOIYA==", "W0IuGtY0/QXuXQlo6ZRWeMvJhq31", "q7sxIMoN9y2Sjda8WFtJqdOIYA==", "wUCsjyxXWHJujLSbJQn3ImshLMYdSfw=", "YpHPPzxXNnlwnTzt0BbJ+Gjk", "YZTMKoDNnNdjWIFKPH3rXqns", "bxHZySM5zymSNA==", "znV02t/6orjqlYeiGr8=", "eygnfJgRpsibwQz6pg==", "Hkt+9xJAGS3rTUoouw==", "z/Fq9d3ksMa/rlCa", "ALeXgBFSDRF6Y45Q+wR8neDWE+8=", "u2QZIK+8sOklBZ34rw==", "ex3XYKf3ts9aBPnUV086qdOIYA==", "ttMVj0CBfsW/rlCa", "AydNsr7ejaGWvyGUJxB0oPU=", "fyo5sLzbrL+LoUYbsg==", "TmpyUx16WZvOfTouuA==", "f2ynAEXel84KdWYxtmAnVsQGYniCS3DM", "Zfzu7VZxWY/OfTouuA==", "iX+zJSo39iLyFrcIILqnyDS8Tx27dQ==", "35RMMbTZuedQA1YWqrG+81cNyiWoIOJwxA==", "b4P0Wpj+tMa/rlCa", "ZgB2UP1xPsqI7j/w70o8qdOIYA==", "0PN1YODem705EyNKc9KSwf0=", "KhvWi6bMp/UxYSc=", "DCx4mMdtzloIgDg=", "mAa2j+gmr9VD5u/2x4Vwkg==", "wKyp/gqNP18T", "PxUPcIGYd6eavi6fuC7rXqns", "03x33AUsGmpV0u3/Xn05mvM=", "O2+Z/P4Y8icXike0KxB0oPU=", "kge9qTmWeMa25oeiGr8=", "AC9QRQ5zHYN69b4wWbc=", "G0d95OYE4loIgDg=", "Og0cip/Yj6/oklGuvysuRbsrOMS1DPQ=", "fOloUMXKx/koBZ34rw==", "AyNYruhCG1QLLmqFB71/", "OGOK8gcyAT1pEjUMx4Vwkg==", "0fd+BEOuhM/V8mC40g7OPUK+eQ==", "bxgH4qb2trOk4oeiGr8=", "xjKwL1qcX2vRyGr91Gto", "xjCeFGLgrMOLoUYbsg==", "gZ8Tgsw3DET86p2yzWpq", "VL9udRpGzymSNA==", "07D5V6EvzymSNA==", "z3sjDrwI+SdrIPdh4pNKqNLLXGy7HfQ=", "eLHjUiyXeLfZfV791Gto", "EEdy5PwP1uqjwfK8WEcEYZdVLb+afQ==", "cG6wIP7vzhCcOST6x4Vwkg==", "JiEkhou0n8a/rlCa", "MaJQKY6IRvS/rlCa", "/uvi2Z4G8DFb/xNT5KY=", "DTlm3fpB7gAy26A3FpaSzP0=", "cRPDizBcKjfwIcY5ZPXnGo7O6zFHPm7K", "B7dhSMi6kc0x5vP0x4Vwkg==", "y7zoUktTNl0Qb2A74r9g", "DQpAv9TzwMm/rlCa", "4VH0zD4z+wgXwjWQ", "jKP03nOMcHi1lAFkZrc=", "kTfm0oHkyfN2Jg3g1ge02lD8vSGlIOJwxA=="]}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
vbc.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000002.433034346.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
        00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
          00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x6601:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1d7a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xa93f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x16b67:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x16965:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x16411:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x16a67:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x16bdf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa50a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1565c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb252:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1c3e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1d50a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x18e49:$sqlite3step: 68 34 1C 7B E1
          • 0x18f7c:$sqlite3step: 68 34 1C 7B E1
          • 0x18e8b:$sqlite3text: 68 38 2A 90 C5
          • 0x18fd3:$sqlite3text: 68 38 2A 90 C5
          • 0x18ea2:$sqlite3blob: 68 53 D8 7F 8C
          • 0x18ff5:$sqlite3blob: 68 53 D8 7F 8C
          Click to see the 29 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.vbc.exe.3b73cf8.7.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
            0.2.vbc.exe.3b73cf8.7.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x33421:$a1: 3C 30 50 4F 53 54 74 09 40
            • 0x5e441:$a1: 3C 30 50 4F 53 54 74 09 40
            • 0x88461:$a1: 3C 30 50 4F 53 54 74 09 40
            • 0x4a5c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x755e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x9f600:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x3775f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            • 0x6277f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            • 0x8c79f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            • 0x43987:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
            • 0x6e9a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
            • 0x989c7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
            0.2.vbc.exe.3b73cf8.7.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
            • 0x43785:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x6e7a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x987c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x43231:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x6e251:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x98271:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x43887:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x6e8a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x988c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x439ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0x6ea1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0x98a3f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0x3732a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x6234a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x8c36a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x4247c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0x6d49c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0x974bc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0x38072:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            • 0x63092:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            • 0x8d0b2:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            0.2.vbc.exe.3b73cf8.7.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
            • 0x45c69:$sqlite3step: 68 34 1C 7B E1
            • 0x45d9c:$sqlite3step: 68 34 1C 7B E1
            • 0x70c89:$sqlite3step: 68 34 1C 7B E1
            • 0x70dbc:$sqlite3step: 68 34 1C 7B E1
            • 0x9aca9:$sqlite3step: 68 34 1C 7B E1
            • 0x9addc:$sqlite3step: 68 34 1C 7B E1
            • 0x45cab:$sqlite3text: 68 38 2A 90 C5
            • 0x45df3:$sqlite3text: 68 38 2A 90 C5
            • 0x70ccb:$sqlite3text: 68 38 2A 90 C5
            • 0x70e13:$sqlite3text: 68 38 2A 90 C5
            • 0x9aceb:$sqlite3text: 68 38 2A 90 C5
            • 0x9ae33:$sqlite3text: 68 38 2A 90 C5
            • 0x45cc2:$sqlite3blob: 68 53 D8 7F 8C
            • 0x45e15:$sqlite3blob: 68 53 D8 7F 8C
            • 0x70ce2:$sqlite3blob: 68 53 D8 7F 8C
            • 0x70e35:$sqlite3blob: 68 53 D8 7F 8C
            • 0x9ad02:$sqlite3blob: 68 53 D8 7F 8C
            • 0x9ae55:$sqlite3blob: 68 53 D8 7F 8C
            0.0.vbc.exe.660000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              Click to see the 4 entries

              Sigma Signatures

              No Sigma rule has matched

              Snort Signatures

              No Snort rule has matched

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Multi AV Scanner detection for submitted file
              Source: vbc.exeReversingLabs: Detection: 14%
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exeReversingLabs: Detection: 14%
              Source: 9.0.vbc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
              Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.danetsystem.com/x8ut/"], "decoy": ["mUYLEBuVKFsO", "Bi9gZRFSHUmFLCtq/7U=", "FbmmfzSUYXSePwRymyniT3oEeK79", "udVNLrDQnqjROz4uqn9FqdOIYA==", "W0IuGtY0/QXuXQlo6ZRWeMvJhq31", "q7sxIMoN9y2Sjda8WFtJqdOIYA==", "wUCsjyxXWHJujLSbJQn3ImshLMYdSfw=", "YpHPPzxXNnlwnTzt0BbJ+Gjk", "YZTMKoDNnNdjWIFKPH3rXqns", "bxHZySM5zymSNA==", "znV02t/6orjqlYeiGr8=", "eygnfJgRpsibwQz6pg==", "Hkt+9xJAGS3rTUoouw==", "z/Fq9d3ksMa/rlCa", "ALeXgBFSDRF6Y45Q+wR8neDWE+8=", "u2QZIK+8sOklBZ34rw==", "ex3XYKf3ts9aBPnUV086qdOIYA==", "ttMVj0CBfsW/rlCa", "AydNsr7ejaGWvyGUJxB0oPU=", "fyo5sLzbrL+LoUYbsg==", "TmpyUx16WZvOfTouuA==", "f2ynAEXel84KdWYxtmAnVsQGYniCS3DM", "Zfzu7VZxWY/OfTouuA==", "iX+zJSo39iLyFrcIILqnyDS8Tx27dQ==", "35RMMbTZuedQA1YWqrG+81cNyiWoIOJwxA==", "b4P0Wpj+tMa/rlCa", "ZgB2UP1xPsqI7j/w70o8qdOIYA==", "0PN1YODem705EyNKc9KSwf0=", "KhvWi6bMp/UxYSc=", "DCx4mMdtzloIgDg=", "mAa2j+gmr9VD5u/2x4Vwkg==", "wKyp/gqNP18T", "PxUPcIGYd6eavi6fuC7rXqns", "03x33AUsGmpV0u3/Xn05mvM=", "O2+Z/P4Y8icXike0KxB0oPU=", "kge9qTmWeMa25oeiGr8=", "AC9QRQ5zHYN69b4wWbc=", "G0d95OYE4loIgDg=", "Og0cip/Yj6/oklGuvysuRbsrOMS1DPQ=", "fOloUMXKx/koBZ34rw==", "AyNYruhCG1QLLmqFB71/", "OGOK8gcyAT1pEjUMx4Vwkg==", "0fd+BEOuhM/V8mC40g7OPUK+eQ==", "bxgH4qb2trOk4oeiGr8=", "xjKwL1qcX2vRyGr91Gto", "xjCeFGLgrMOLoUYbsg==", "gZ8Tgsw3DET86p2yzWpq", "VL9udRpGzymSNA==", "07D5V6EvzymSNA==", "z3sjDrwI+SdrIPdh4pNKqNLLXGy7HfQ=", "eLHjUiyXeLfZfV791Gto", "EEdy5PwP1uqjwfK8WEcEYZdVLb+afQ==", "cG6wIP7vzhCcOST6x4Vwkg==", "JiEkhou0n8a/rlCa", "MaJQKY6IRvS/rlCa", "/uvi2Z4G8DFb/xNT5KY=", "DTlm3fpB7gAy26A3FpaSzP0=", "cRPDizBcKjfwIcY5ZPXnGo7O6zFHPm7K", "B7dhSMi6kc0x5vP0x4Vwkg==", "y7zoUktTNl0Qb2A74r9g", "DQpAv9TzwMm/rlCa", "4VH0zD4z+wgXwjWQ", "jKP03nOMcHi1lAFkZrc=", "kTfm0oHkyfN2Jg3g1ge02lD8vSGlIOJwxA=="]}
              Source: vbc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: vbc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: WWAHost.pdb source: vbc.exe, 00000009.00000003.555578361.000000000707C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.553653065.0000000006F96000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: WWAHost.pdbUGP source: vbc.exe, 00000009.00000003.555578361.000000000707C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.553653065.0000000006F96000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: vbc.exe, 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.427253872.0000000000AD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.430940058.0000000005019000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000002.635691665.0000000003FDF000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000002.628890268.0000000003EC0000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000003.571447975.0000000003D28000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000003.563307604.0000000003B90000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: vbc.exe, vbc.exe, 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.427253872.0000000000AD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.430940058.0000000005019000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000002.635691665.0000000003FDF000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000002.628890268.0000000003EC0000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000003.571447975.0000000003D28000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000003.563307604.0000000003B90000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vbc.pdb source: WWAHost.exe, 00000014.00000002.637495288.00000000041F1000.00000004.00000800.00020000.00000000.sdmp

              Networking

              barindex
              Yara detected Generic Downloader
              Source: Yara matchFile source: vbc.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.vbc.exe.660000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe, type: DROPPED
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: www.danetsystem.com/x8ut/
              Source: vbc.exe, svyewSjGVGtgt.exe.0.drString found in binary or memory: http://boards.4chan.org/b/
              Source: vbc.exe, svyewSjGVGtgt.exe.0.drString found in binary or memory: http://boards.4chan.org3Retrieving
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
              Source: vbc.exe, svyewSjGVGtgt.exe.0.drString found in binary or memory: http://images.4chan.org/
              Source: explorer.exe, 0000000D.00000000.482694490.00000000026D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.437285891.00000000026D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.514496245.00000000026D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.582671646.00000000026D0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ns.adobY
              Source: vbc.exe, 00000000.00000002.433034346.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000000.00000003.362484787.000000000110C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
              Source: vbc.exe, 00000000.00000003.362484787.000000000110C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com=
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
              Source: vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
              Source: unknownDNS traffic detected: queries for: www.reisdafavela.com

              E-Banking Fraud

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: Process Memory Space: vbc.exe PID: 6192, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: Process Memory Space: vbc.exe PID: 6748, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: Process Memory Space: WWAHost.exe PID: 6432, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
              Source: vbc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: Process Memory Space: vbc.exe PID: 6192, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: Process Memory Space: vbc.exe PID: 6748, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: Process Memory Space: WWAHost.exe PID: 6432, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_00F83DC40_2_00F83DC4
              Source: C:\Users\user\Desktop\vbc.exeCode function: 0_2_00F884580_2_00F88458
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A2D079_2_052A2D07
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D0D209_2_051D0D20
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A1D559_2_052A1D55
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052025819_2_05202581
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A25DD9_2_052A25DD
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051ED5E09_2_051ED5E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E841F9_2_051E841F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529D4669_2_0529D466
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A1FF19_2_052A1FF1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052ADFCE9_2_052ADFCE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F6E309_2_051F6E30
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529D6169_2_0529D616
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A2EF79_2_052A2EF7
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DF9009_2_051DF900
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F41209_2_051F4120
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052AE8249_2_052AE824
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052910029_2_05291002
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA8309_2_051FA830
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052020A09_2_052020A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A20A89_2_052A20A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051EB0909_2_051EB090
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A28EC9_2_052A28EC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A2B289_2_052A2B28
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FAB409_2_051FAB40
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520EBB09_2_0520EBB0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052903DA9_2_052903DA
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529DBD29_2_0529DBD2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0528FA2B9_2_0528FA2B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A22AE9_2_052A22AE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0041FA7F9_2_0041FA7F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: String function: 051DB150 appears 54 times
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219540 NtReadFile,LdrInitializeThunk,9_2_05219540
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052195D0 NtClose,LdrInitializeThunk,9_2_052195D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219710 NtQueryInformationToken,LdrInitializeThunk,9_2_05219710
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052197A0 NtUnmapViewOfSection,LdrInitializeThunk,9_2_052197A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219780 NtMapViewOfSection,LdrInitializeThunk,9_2_05219780
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219FE0 NtCreateMutant,LdrInitializeThunk,9_2_05219FE0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219660 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_05219660
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052196E0 NtFreeVirtualMemory,LdrInitializeThunk,9_2_052196E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219910 NtAdjustPrivilegesToken,LdrInitializeThunk,9_2_05219910
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052199A0 NtCreateSection,LdrInitializeThunk,9_2_052199A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219860 NtQuerySystemInformation,LdrInitializeThunk,9_2_05219860
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219840 NtDelayExecution,LdrInitializeThunk,9_2_05219840
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052198F0 NtReadVirtualMemory,LdrInitializeThunk,9_2_052198F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219A20 NtResumeThread,LdrInitializeThunk,9_2_05219A20
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219A00 NtProtectVirtualMemory,LdrInitializeThunk,9_2_05219A00
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219A50 NtCreateFile,LdrInitializeThunk,9_2_05219A50
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219520 NtWaitForSingleObject,9_2_05219520
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0521AD30 NtSetContextThread,9_2_0521AD30
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219560 NtWriteFile,9_2_05219560
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052195F0 NtQueryInformationFile,9_2_052195F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219730 NtQueryVirtualMemory,9_2_05219730
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0521A710 NtOpenProcessToken,9_2_0521A710
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219760 NtOpenProcess,9_2_05219760
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0521A770 NtOpenThread,9_2_0521A770
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219770 NtSetInformationFile,9_2_05219770
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219610 NtEnumerateValueKey,9_2_05219610
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219670 NtQueryInformationProcess,9_2_05219670
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219650 NtQueryValueKey,9_2_05219650
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052196D0 NtCreateKey,9_2_052196D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219950 NtQueueApcThread,9_2_05219950
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052199D0 NtCreateProcessEx,9_2_052199D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219820 NtEnumerateKey,9_2_05219820
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0521B040 NtSuspendThread,9_2_0521B040
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052198A0 NtWriteVirtualMemory,9_2_052198A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219B00 NtSetValueKey,9_2_05219B00
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0521A3B0 NtGetContextThread,9_2_0521A3B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219A10 NtQuerySection,9_2_05219A10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219A80 NtOpenDirectoryObject,9_2_05219A80
              Source: vbc.exe, 00000000.00000002.444943649.0000000007270000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWebName.dll4 vs vbc.exe
              Source: vbc.exe, 00000000.00000002.445337631.0000000007480000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs vbc.exe
              Source: vbc.exe, 00000000.00000003.392575546.00000000070A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKeysNormalize.dll4 vs vbc.exe
              Source: vbc.exe, 00000000.00000003.399577917.00000000070AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArraySortHel.exe: vs vbc.exe
              Source: vbc.exe, 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDoncepre.dll@ vs vbc.exe
              Source: vbc.exe, 00000000.00000000.352266818.0000000000749000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameArraySortHel.exe: vs vbc.exe
              Source: vbc.exe, 00000000.00000002.444764428.0000000007240000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameKeysNormalize.dll4 vs vbc.exe
              Source: vbc.exe, 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs vbc.exe
              Source: vbc.exe, 00000009.00000003.428640673.0000000000BEE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs vbc.exe
              Source: vbc.exe, 00000009.00000003.553653065.0000000006F96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWWAHost.exej% vs vbc.exe
              Source: vbc.exe, 00000009.00000003.431899246.0000000005138000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs vbc.exe
              Source: vbc.exeBinary or memory string: OriginalFilenameArraySortHel.exe: vs vbc.exe
              Source: vbc.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: svyewSjGVGtgt.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: svyewSjGVGtgt.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: vbc.exeReversingLabs: Detection: 14%
              Source: C:\Users\user\Desktop\vbc.exeFile read: C:\Users\user\Desktop\vbc.exeJump to behavior
              Source: vbc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\vbc.exe "C:\Users\user\Desktop\vbc.exe"
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\svyewSjGVGtgt" /XML "C:\Users\user\AppData\Local\Temp\tmp8F67.tmp
              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
              Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\WWAHost.exe C:\Windows\SysWOW64\WWAHost.exe
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exeJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\svyewSjGVGtgt" /XML "C:\Users\user\AppData\Local\Temp\tmp8F67.tmpJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
              Source: C:\Users\user\Desktop\vbc.exeFile created: C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exeJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\tmp8F67.tmpJump to behavior
              Source: classification engineClassification label: mal100.troj.evad.winEXE@10/8@2/0
              Source: C:\Users\user\Desktop\vbc.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: vbc.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              Source: C:\Users\user\Desktop\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6608:120:WilError_01
              Source: C:\Users\user\Desktop\vbc.exeMutant created: \Sessions\1\BaseNamedObjects\XUUJrsTtOidedgINUG
              Source: vbc.exe, Scraper/Archiving/Zip/Compression/Streams/DeflaterOutputStream.csCryptographic APIs: 'TransformBlock'
              Source: vbc.exe, Scraper/Archiving/Zip/Compression/Streams/InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
              Source: vbc.exe, Scraper/Archiving/Zip/Compression/Streams/InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
              Source: vbc.exe, Scraper/frmMain.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
              Source: svyewSjGVGtgt.exe.0.dr, Scraper/Archiving/Zip/Compression/Streams/DeflaterOutputStream.csCryptographic APIs: 'TransformBlock'
              Source: svyewSjGVGtgt.exe.0.dr, Scraper/Archiving/Zip/Compression/Streams/InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
              Source: svyewSjGVGtgt.exe.0.dr, Scraper/Archiving/Zip/Compression/Streams/InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
              Source: svyewSjGVGtgt.exe.0.dr, Scraper/frmMain.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
              Source: 0.0.vbc.exe.660000.0.unpack, Scraper/frmMain.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: vbc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: vbc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: WWAHost.pdb source: vbc.exe, 00000009.00000003.555578361.000000000707C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.553653065.0000000006F96000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: WWAHost.pdbUGP source: vbc.exe, 00000009.00000003.555578361.000000000707C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.553653065.0000000006F96000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: vbc.exe, 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.427253872.0000000000AD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.430940058.0000000005019000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000002.635691665.0000000003FDF000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000002.628890268.0000000003EC0000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000003.571447975.0000000003D28000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000003.563307604.0000000003B90000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: vbc.exe, vbc.exe, 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.427253872.0000000000AD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.430940058.0000000005019000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000002.635691665.0000000003FDF000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000002.628890268.0000000003EC0000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000003.571447975.0000000003D28000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000014.00000003.563307604.0000000003B90000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vbc.pdb source: WWAHost.exe, 00000014.00000002.637495288.00000000041F1000.00000004.00000800.00020000.00000000.sdmp

              Data Obfuscation

              barindex
              .NET source code contains potential unpacker
              Source: vbc.exe, Scraper/frmMain.cs.Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: svyewSjGVGtgt.exe.0.dr, Scraper/frmMain.cs.Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 0.0.vbc.exe.660000.0.unpack, Scraper/frmMain.cs.Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0522D0D1 push ecx; ret 9_2_0522D0E4
              Source: initial sampleStatic PE information: section name: .text entropy: 7.58951432122368
              Source: initial sampleStatic PE information: section name: .text entropy: 7.58951432122368
              Source: C:\Users\user\Desktop\vbc.exeFile created: C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exeJump to dropped file

              Boot Survival

              barindex
              Uses schtasks.exe or at.exe to add and modify task schedules
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\svyewSjGVGtgt" /XML "C:\Users\user\AppData\Local\Temp\tmp8F67.tmp
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WWAHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Yara detected AntiVM3
              Source: Yara matchFile source: 00000000.00000002.433034346.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 6192, type: MEMORYSTR
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: vbc.exe, 00000000.00000002.433034346.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
              Source: vbc.exe, 00000000.00000002.433034346.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
              Source: C:\Users\user\Desktop\vbc.exe TID: 6196Thread sleep time: -45877s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\vbc.exe TID: 6212Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6652Thread sleep time: -9223372036854770s >= -30000sJump to behavior
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\WWAHost.exeLast function: Thread delayed
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05216DE6 rdtsc 9_2_05216DE6
              Source: C:\Users\user\Desktop\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9343Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeAPI coverage: 5.6 %
              Source: C:\Users\user\Desktop\vbc.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeThread delayed: delay time: 45877Jump to behavior
              Source: C:\Users\user\Desktop\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: explorer.exe, 0000000D.00000000.494640049.0000000006389000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
              Source: vbc.exe, 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: explorer.exe, 0000000D.00000000.524510937.0000000007C08000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
              Source: explorer.exe, 0000000D.00000000.524510937.0000000007C08000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
              Source: vbc.exe, 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
              Source: explorer.exe, 0000000D.00000000.484646435.0000000004150000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}:
              Source: explorer.exe, 0000000D.00000000.524510937.0000000007C08000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i&
              Source: explorer.exe, 0000000D.00000000.525066443.0000000007D2A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
              Source: explorer.exe, 0000000D.00000000.524510937.0000000007C08000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00Iy
              Source: vbc.exe, 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
              Source: explorer.exe, 0000000D.00000000.499146548.0000000007CC2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000v
              Source: vbc.exe, 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05216DE6 rdtsc 9_2_05216DE6
              Source: C:\Users\user\Desktop\vbc.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\WWAHost.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529E539 mov eax, dword ptr fs:[00000030h]9_2_0529E539
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0525A537 mov eax, dword ptr fs:[00000030h]9_2_0525A537
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05204D3B mov eax, dword ptr fs:[00000030h]9_2_05204D3B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05204D3B mov eax, dword ptr fs:[00000030h]9_2_05204D3B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05204D3B mov eax, dword ptr fs:[00000030h]9_2_05204D3B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A8D34 mov eax, dword ptr fs:[00000030h]9_2_052A8D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E3D34 mov eax, dword ptr fs:[00000030h]9_2_051E3D34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DAD30 mov eax, dword ptr fs:[00000030h]9_2_051DAD30
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F7D50 mov eax, dword ptr fs:[00000030h]9_2_051F7D50
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05213D43 mov eax, dword ptr fs:[00000030h]9_2_05213D43
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05253540 mov eax, dword ptr fs:[00000030h]9_2_05253540
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FC577 mov eax, dword ptr fs:[00000030h]9_2_051FC577
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FC577 mov eax, dword ptr fs:[00000030h]9_2_051FC577
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05283D40 mov eax, dword ptr fs:[00000030h]9_2_05283D40
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052035A1 mov eax, dword ptr fs:[00000030h]9_2_052035A1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A05AC mov eax, dword ptr fs:[00000030h]9_2_052A05AC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A05AC mov eax, dword ptr fs:[00000030h]9_2_052A05AC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05201DB5 mov eax, dword ptr fs:[00000030h]9_2_05201DB5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05201DB5 mov eax, dword ptr fs:[00000030h]9_2_05201DB5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05201DB5 mov eax, dword ptr fs:[00000030h]9_2_05201DB5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D2D8A mov eax, dword ptr fs:[00000030h]9_2_051D2D8A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D2D8A mov eax, dword ptr fs:[00000030h]9_2_051D2D8A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D2D8A mov eax, dword ptr fs:[00000030h]9_2_051D2D8A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D2D8A mov eax, dword ptr fs:[00000030h]9_2_051D2D8A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D2D8A mov eax, dword ptr fs:[00000030h]9_2_051D2D8A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05202581 mov eax, dword ptr fs:[00000030h]9_2_05202581
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05202581 mov eax, dword ptr fs:[00000030h]9_2_05202581
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05202581 mov eax, dword ptr fs:[00000030h]9_2_05202581
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05202581 mov eax, dword ptr fs:[00000030h]9_2_05202581
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520FD9B mov eax, dword ptr fs:[00000030h]9_2_0520FD9B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520FD9B mov eax, dword ptr fs:[00000030h]9_2_0520FD9B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529FDE2 mov eax, dword ptr fs:[00000030h]9_2_0529FDE2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529FDE2 mov eax, dword ptr fs:[00000030h]9_2_0529FDE2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529FDE2 mov eax, dword ptr fs:[00000030h]9_2_0529FDE2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529FDE2 mov eax, dword ptr fs:[00000030h]9_2_0529FDE2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05288DF1 mov eax, dword ptr fs:[00000030h]9_2_05288DF1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256DC9 mov eax, dword ptr fs:[00000030h]9_2_05256DC9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256DC9 mov eax, dword ptr fs:[00000030h]9_2_05256DC9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256DC9 mov eax, dword ptr fs:[00000030h]9_2_05256DC9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256DC9 mov ecx, dword ptr fs:[00000030h]9_2_05256DC9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256DC9 mov eax, dword ptr fs:[00000030h]9_2_05256DC9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256DC9 mov eax, dword ptr fs:[00000030h]9_2_05256DC9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051ED5E0 mov eax, dword ptr fs:[00000030h]9_2_051ED5E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051ED5E0 mov eax, dword ptr fs:[00000030h]9_2_051ED5E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520BC2C mov eax, dword ptr fs:[00000030h]9_2_0520BC2C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A740D mov eax, dword ptr fs:[00000030h]9_2_052A740D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A740D mov eax, dword ptr fs:[00000030h]9_2_052A740D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A740D mov eax, dword ptr fs:[00000030h]9_2_052A740D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291C06 mov eax, dword ptr fs:[00000030h]9_2_05291C06
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256C0A mov eax, dword ptr fs:[00000030h]9_2_05256C0A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256C0A mov eax, dword ptr fs:[00000030h]9_2_05256C0A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256C0A mov eax, dword ptr fs:[00000030h]9_2_05256C0A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256C0A mov eax, dword ptr fs:[00000030h]9_2_05256C0A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520A44B mov eax, dword ptr fs:[00000030h]9_2_0520A44B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F746D mov eax, dword ptr fs:[00000030h]9_2_051F746D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526C450 mov eax, dword ptr fs:[00000030h]9_2_0526C450
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526C450 mov eax, dword ptr fs:[00000030h]9_2_0526C450
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E849B mov eax, dword ptr fs:[00000030h]9_2_051E849B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052914FB mov eax, dword ptr fs:[00000030h]9_2_052914FB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256CF0 mov eax, dword ptr fs:[00000030h]9_2_05256CF0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256CF0 mov eax, dword ptr fs:[00000030h]9_2_05256CF0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05256CF0 mov eax, dword ptr fs:[00000030h]9_2_05256CF0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A8CD6 mov eax, dword ptr fs:[00000030h]9_2_052A8CD6
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FF716 mov eax, dword ptr fs:[00000030h]9_2_051FF716
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520E730 mov eax, dword ptr fs:[00000030h]9_2_0520E730
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A070D mov eax, dword ptr fs:[00000030h]9_2_052A070D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A070D mov eax, dword ptr fs:[00000030h]9_2_052A070D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520A70E mov eax, dword ptr fs:[00000030h]9_2_0520A70E
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520A70E mov eax, dword ptr fs:[00000030h]9_2_0520A70E
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D4F2E mov eax, dword ptr fs:[00000030h]9_2_051D4F2E
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D4F2E mov eax, dword ptr fs:[00000030h]9_2_051D4F2E
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526FF10 mov eax, dword ptr fs:[00000030h]9_2_0526FF10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526FF10 mov eax, dword ptr fs:[00000030h]9_2_0526FF10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A8F6A mov eax, dword ptr fs:[00000030h]9_2_052A8F6A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051EEF40 mov eax, dword ptr fs:[00000030h]9_2_051EEF40
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051EFF60 mov eax, dword ptr fs:[00000030h]9_2_051EFF60
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E8794 mov eax, dword ptr fs:[00000030h]9_2_051E8794
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05257794 mov eax, dword ptr fs:[00000030h]9_2_05257794
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05257794 mov eax, dword ptr fs:[00000030h]9_2_05257794
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05257794 mov eax, dword ptr fs:[00000030h]9_2_05257794
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052137F5 mov eax, dword ptr fs:[00000030h]9_2_052137F5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0528FE3F mov eax, dword ptr fs:[00000030h]9_2_0528FE3F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DC600 mov eax, dword ptr fs:[00000030h]9_2_051DC600
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DC600 mov eax, dword ptr fs:[00000030h]9_2_051DC600
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DC600 mov eax, dword ptr fs:[00000030h]9_2_051DC600
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05208E00 mov eax, dword ptr fs:[00000030h]9_2_05208E00
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05291608 mov eax, dword ptr fs:[00000030h]9_2_05291608
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520A61C mov eax, dword ptr fs:[00000030h]9_2_0520A61C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520A61C mov eax, dword ptr fs:[00000030h]9_2_0520A61C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DE620 mov eax, dword ptr fs:[00000030h]9_2_051DE620
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E7E41 mov eax, dword ptr fs:[00000030h]9_2_051E7E41
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E7E41 mov eax, dword ptr fs:[00000030h]9_2_051E7E41
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E7E41 mov eax, dword ptr fs:[00000030h]9_2_051E7E41
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E7E41 mov eax, dword ptr fs:[00000030h]9_2_051E7E41
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E7E41 mov eax, dword ptr fs:[00000030h]9_2_051E7E41
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E7E41 mov eax, dword ptr fs:[00000030h]9_2_051E7E41
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FAE73 mov eax, dword ptr fs:[00000030h]9_2_051FAE73
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FAE73 mov eax, dword ptr fs:[00000030h]9_2_051FAE73
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FAE73 mov eax, dword ptr fs:[00000030h]9_2_051FAE73
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FAE73 mov eax, dword ptr fs:[00000030h]9_2_051FAE73
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FAE73 mov eax, dword ptr fs:[00000030h]9_2_051FAE73
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529AE44 mov eax, dword ptr fs:[00000030h]9_2_0529AE44
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529AE44 mov eax, dword ptr fs:[00000030h]9_2_0529AE44
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E766D mov eax, dword ptr fs:[00000030h]9_2_051E766D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052546A7 mov eax, dword ptr fs:[00000030h]9_2_052546A7
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A0EA5 mov eax, dword ptr fs:[00000030h]9_2_052A0EA5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A0EA5 mov eax, dword ptr fs:[00000030h]9_2_052A0EA5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A0EA5 mov eax, dword ptr fs:[00000030h]9_2_052A0EA5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526FE87 mov eax, dword ptr fs:[00000030h]9_2_0526FE87
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052016E0 mov ecx, dword ptr fs:[00000030h]9_2_052016E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05218EC7 mov eax, dword ptr fs:[00000030h]9_2_05218EC7
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0528FEC0 mov eax, dword ptr fs:[00000030h]9_2_0528FEC0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052036CC mov eax, dword ptr fs:[00000030h]9_2_052036CC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A8ED6 mov eax, dword ptr fs:[00000030h]9_2_052A8ED6
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E76E2 mov eax, dword ptr fs:[00000030h]9_2_051E76E2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520513A mov eax, dword ptr fs:[00000030h]9_2_0520513A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520513A mov eax, dword ptr fs:[00000030h]9_2_0520513A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D9100 mov eax, dword ptr fs:[00000030h]9_2_051D9100
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D9100 mov eax, dword ptr fs:[00000030h]9_2_051D9100
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D9100 mov eax, dword ptr fs:[00000030h]9_2_051D9100
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F4120 mov eax, dword ptr fs:[00000030h]9_2_051F4120
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F4120 mov eax, dword ptr fs:[00000030h]9_2_051F4120
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F4120 mov eax, dword ptr fs:[00000030h]9_2_051F4120
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F4120 mov eax, dword ptr fs:[00000030h]9_2_051F4120
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F4120 mov ecx, dword ptr fs:[00000030h]9_2_051F4120
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FB944 mov eax, dword ptr fs:[00000030h]9_2_051FB944
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FB944 mov eax, dword ptr fs:[00000030h]9_2_051FB944
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DB171 mov eax, dword ptr fs:[00000030h]9_2_051DB171
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DB171 mov eax, dword ptr fs:[00000030h]9_2_051DB171
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DC962 mov eax, dword ptr fs:[00000030h]9_2_051DC962
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052061A0 mov eax, dword ptr fs:[00000030h]9_2_052061A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052061A0 mov eax, dword ptr fs:[00000030h]9_2_052061A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052569A6 mov eax, dword ptr fs:[00000030h]9_2_052569A6
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052949A4 mov eax, dword ptr fs:[00000030h]9_2_052949A4
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052949A4 mov eax, dword ptr fs:[00000030h]9_2_052949A4
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052949A4 mov eax, dword ptr fs:[00000030h]9_2_052949A4
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052949A4 mov eax, dword ptr fs:[00000030h]9_2_052949A4
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052551BE mov eax, dword ptr fs:[00000030h]9_2_052551BE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052551BE mov eax, dword ptr fs:[00000030h]9_2_052551BE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052551BE mov eax, dword ptr fs:[00000030h]9_2_052551BE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052551BE mov eax, dword ptr fs:[00000030h]9_2_052551BE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FC182 mov eax, dword ptr fs:[00000030h]9_2_051FC182
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520A185 mov eax, dword ptr fs:[00000030h]9_2_0520A185
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05202990 mov eax, dword ptr fs:[00000030h]9_2_05202990
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052641E8 mov eax, dword ptr fs:[00000030h]9_2_052641E8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DB1E1 mov eax, dword ptr fs:[00000030h]9_2_051DB1E1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DB1E1 mov eax, dword ptr fs:[00000030h]9_2_051DB1E1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DB1E1 mov eax, dword ptr fs:[00000030h]9_2_051DB1E1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520002D mov eax, dword ptr fs:[00000030h]9_2_0520002D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520002D mov eax, dword ptr fs:[00000030h]9_2_0520002D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520002D mov eax, dword ptr fs:[00000030h]9_2_0520002D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520002D mov eax, dword ptr fs:[00000030h]9_2_0520002D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520002D mov eax, dword ptr fs:[00000030h]9_2_0520002D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA830 mov eax, dword ptr fs:[00000030h]9_2_051FA830
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA830 mov eax, dword ptr fs:[00000030h]9_2_051FA830
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA830 mov eax, dword ptr fs:[00000030h]9_2_051FA830
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA830 mov eax, dword ptr fs:[00000030h]9_2_051FA830
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05257016 mov eax, dword ptr fs:[00000030h]9_2_05257016
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05257016 mov eax, dword ptr fs:[00000030h]9_2_05257016
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05257016 mov eax, dword ptr fs:[00000030h]9_2_05257016
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051EB02A mov eax, dword ptr fs:[00000030h]9_2_051EB02A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051EB02A mov eax, dword ptr fs:[00000030h]9_2_051EB02A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051EB02A mov eax, dword ptr fs:[00000030h]9_2_051EB02A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051EB02A mov eax, dword ptr fs:[00000030h]9_2_051EB02A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A4015 mov eax, dword ptr fs:[00000030h]9_2_052A4015
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A4015 mov eax, dword ptr fs:[00000030h]9_2_052A4015
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F0050 mov eax, dword ptr fs:[00000030h]9_2_051F0050
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F0050 mov eax, dword ptr fs:[00000030h]9_2_051F0050
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05292073 mov eax, dword ptr fs:[00000030h]9_2_05292073
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A1074 mov eax, dword ptr fs:[00000030h]9_2_052A1074
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052020A0 mov eax, dword ptr fs:[00000030h]9_2_052020A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052020A0 mov eax, dword ptr fs:[00000030h]9_2_052020A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052020A0 mov eax, dword ptr fs:[00000030h]9_2_052020A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052020A0 mov eax, dword ptr fs:[00000030h]9_2_052020A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052020A0 mov eax, dword ptr fs:[00000030h]9_2_052020A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052020A0 mov eax, dword ptr fs:[00000030h]9_2_052020A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052190AF mov eax, dword ptr fs:[00000030h]9_2_052190AF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D9080 mov eax, dword ptr fs:[00000030h]9_2_051D9080
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520F0BF mov ecx, dword ptr fs:[00000030h]9_2_0520F0BF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520F0BF mov eax, dword ptr fs:[00000030h]9_2_0520F0BF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520F0BF mov eax, dword ptr fs:[00000030h]9_2_0520F0BF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05253884 mov eax, dword ptr fs:[00000030h]9_2_05253884
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05253884 mov eax, dword ptr fs:[00000030h]9_2_05253884
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D58EC mov eax, dword ptr fs:[00000030h]9_2_051D58EC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526B8D0 mov eax, dword ptr fs:[00000030h]9_2_0526B8D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526B8D0 mov ecx, dword ptr fs:[00000030h]9_2_0526B8D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526B8D0 mov eax, dword ptr fs:[00000030h]9_2_0526B8D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526B8D0 mov eax, dword ptr fs:[00000030h]9_2_0526B8D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526B8D0 mov eax, dword ptr fs:[00000030h]9_2_0526B8D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0526B8D0 mov eax, dword ptr fs:[00000030h]9_2_0526B8D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D40E1 mov eax, dword ptr fs:[00000030h]9_2_051D40E1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D40E1 mov eax, dword ptr fs:[00000030h]9_2_051D40E1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D40E1 mov eax, dword ptr fs:[00000030h]9_2_051D40E1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529131B mov eax, dword ptr fs:[00000030h]9_2_0529131B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DF358 mov eax, dword ptr fs:[00000030h]9_2_051DF358
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05203B7A mov eax, dword ptr fs:[00000030h]9_2_05203B7A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05203B7A mov eax, dword ptr fs:[00000030h]9_2_05203B7A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DDB40 mov eax, dword ptr fs:[00000030h]9_2_051DDB40
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A8B58 mov eax, dword ptr fs:[00000030h]9_2_052A8B58
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DDB60 mov ecx, dword ptr fs:[00000030h]9_2_051DDB60
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05204BAD mov eax, dword ptr fs:[00000030h]9_2_05204BAD
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05204BAD mov eax, dword ptr fs:[00000030h]9_2_05204BAD
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05204BAD mov eax, dword ptr fs:[00000030h]9_2_05204BAD
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A5BA5 mov eax, dword ptr fs:[00000030h]9_2_052A5BA5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E1B8F mov eax, dword ptr fs:[00000030h]9_2_051E1B8F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E1B8F mov eax, dword ptr fs:[00000030h]9_2_051E1B8F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529138A mov eax, dword ptr fs:[00000030h]9_2_0529138A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0528D380 mov ecx, dword ptr fs:[00000030h]9_2_0528D380
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520B390 mov eax, dword ptr fs:[00000030h]9_2_0520B390
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05202397 mov eax, dword ptr fs:[00000030h]9_2_05202397
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052003E2 mov eax, dword ptr fs:[00000030h]9_2_052003E2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052003E2 mov eax, dword ptr fs:[00000030h]9_2_052003E2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052003E2 mov eax, dword ptr fs:[00000030h]9_2_052003E2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052003E2 mov eax, dword ptr fs:[00000030h]9_2_052003E2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052003E2 mov eax, dword ptr fs:[00000030h]9_2_052003E2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052003E2 mov eax, dword ptr fs:[00000030h]9_2_052003E2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052553CA mov eax, dword ptr fs:[00000030h]9_2_052553CA
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052553CA mov eax, dword ptr fs:[00000030h]9_2_052553CA
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FDBE9 mov eax, dword ptr fs:[00000030h]9_2_051FDBE9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051F3A1C mov eax, dword ptr fs:[00000030h]9_2_051F3A1C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DAA16 mov eax, dword ptr fs:[00000030h]9_2_051DAA16
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051DAA16 mov eax, dword ptr fs:[00000030h]9_2_051DAA16
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05214A2C mov eax, dword ptr fs:[00000030h]9_2_05214A2C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05214A2C mov eax, dword ptr fs:[00000030h]9_2_05214A2C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D5210 mov eax, dword ptr fs:[00000030h]9_2_051D5210
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D5210 mov ecx, dword ptr fs:[00000030h]9_2_051D5210
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D5210 mov eax, dword ptr fs:[00000030h]9_2_051D5210
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D5210 mov eax, dword ptr fs:[00000030h]9_2_051D5210
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051E8A0A mov eax, dword ptr fs:[00000030h]9_2_051E8A0A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA229 mov eax, dword ptr fs:[00000030h]9_2_051FA229
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA229 mov eax, dword ptr fs:[00000030h]9_2_051FA229
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA229 mov eax, dword ptr fs:[00000030h]9_2_051FA229
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA229 mov eax, dword ptr fs:[00000030h]9_2_051FA229
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA229 mov eax, dword ptr fs:[00000030h]9_2_051FA229
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA229 mov eax, dword ptr fs:[00000030h]9_2_051FA229
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA229 mov eax, dword ptr fs:[00000030h]9_2_051FA229
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA229 mov eax, dword ptr fs:[00000030h]9_2_051FA229
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051FA229 mov eax, dword ptr fs:[00000030h]9_2_051FA229
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529AA16 mov eax, dword ptr fs:[00000030h]9_2_0529AA16
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529AA16 mov eax, dword ptr fs:[00000030h]9_2_0529AA16
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0528B260 mov eax, dword ptr fs:[00000030h]9_2_0528B260
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0528B260 mov eax, dword ptr fs:[00000030h]9_2_0528B260
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_052A8A62 mov eax, dword ptr fs:[00000030h]9_2_052A8A62
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0521927A mov eax, dword ptr fs:[00000030h]9_2_0521927A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D9240 mov eax, dword ptr fs:[00000030h]9_2_051D9240
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D9240 mov eax, dword ptr fs:[00000030h]9_2_051D9240
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D9240 mov eax, dword ptr fs:[00000030h]9_2_051D9240
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D9240 mov eax, dword ptr fs:[00000030h]9_2_051D9240
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05264257 mov eax, dword ptr fs:[00000030h]9_2_05264257
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0529EA55 mov eax, dword ptr fs:[00000030h]9_2_0529EA55
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520FAB0 mov eax, dword ptr fs:[00000030h]9_2_0520FAB0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051EAAB0 mov eax, dword ptr fs:[00000030h]9_2_051EAAB0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051EAAB0 mov eax, dword ptr fs:[00000030h]9_2_051EAAB0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520D294 mov eax, dword ptr fs:[00000030h]9_2_0520D294
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_0520D294 mov eax, dword ptr fs:[00000030h]9_2_0520D294
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D52A5 mov eax, dword ptr fs:[00000030h]9_2_051D52A5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D52A5 mov eax, dword ptr fs:[00000030h]9_2_051D52A5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D52A5 mov eax, dword ptr fs:[00000030h]9_2_051D52A5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D52A5 mov eax, dword ptr fs:[00000030h]9_2_051D52A5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_051D52A5 mov eax, dword ptr fs:[00000030h]9_2_051D52A5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05202AE4 mov eax, dword ptr fs:[00000030h]9_2_05202AE4
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05202ACB mov eax, dword ptr fs:[00000030h]9_2_05202ACB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess queried: DebugPortJump to behavior
              Source: C:\Windows\SysWOW64\WWAHost.exeProcess queried: DebugPortJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 9_2_05219540 NtReadFile,LdrInitializeThunk,9_2_05219540
              Source: C:\Users\user\Desktop\vbc.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Sample uses process hollowing technique
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeSection unmapped: C:\Windows\SysWOW64\WWAHost.exe base address: DE0000Jump to behavior
              Maps a DLL or memory area into another process
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\WWAHost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\WWAHost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
              Writes to foreign memory regions
              Source: C:\Users\user\Desktop\vbc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000Jump to behavior
              Source: C:\Users\user\Desktop\vbc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 401000Jump to behavior
              Source: C:\Users\user\Desktop\vbc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 7E4008Jump to behavior
              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\vbc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
              Queues an APC in another process (thread injection)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
              Modifies the context of a thread in another process (thread injection)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread register set: target process: 3808Jump to behavior
              Source: C:\Windows\SysWOW64\WWAHost.exeThread register set: target process: 3808Jump to behavior
              Adds a directory exclusion to Windows Defender
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exeJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exeJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\svyewSjGVGtgt" /XML "C:\Users\user\AppData\Local\Temp\tmp8F67.tmpJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
              Source: explorer.exe, 0000000D.00000000.436820402.0000000000D00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.482212994.0000000000D00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.582310845.0000000000D00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program ManagerG
              Source: explorer.exe, 0000000D.00000000.436820402.0000000000D00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.518253948.0000000005920000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.482212994.0000000000D00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
              Source: explorer.exe, 0000000D.00000000.436820402.0000000000D00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.482212994.0000000000D00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.582310845.0000000000D00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
              Source: explorer.exe, 0000000D.00000000.436820402.0000000000D00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.482212994.0000000000D00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000D.00000000.582310845.0000000000D00000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
              Source: explorer.exe, 0000000D.00000000.581054248.0000000000628000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.512346185.0000000000628000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.480898254.0000000000628000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanPV*
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Users\user\Desktop\vbc.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

              Remote Access Functionality

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.vbc.exe.3b73cf8.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid Accounts1
              Scheduled Task/Job              		1
              Scheduled Task/Job              		612
              Process Injection              		1
              Masquerading              		OS Credential Dumping221
              Security Software Discovery              		Remote Services11
              Archive Collected Data              		Exfiltration Over Other Network Medium1
              Encrypted Channel              		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default Accounts1
              Shared Modules              		Boot or Logon Initialization Scripts1
              Scheduled Task/Job              		11
              Disable or Modify Tools              		LSASS Memory2
              Process Discovery              		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
              Non-Application Layer Protocol              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
              Virtualization/Sandbox Evasion              		Security Account Manager31
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration11
              Application Layer Protocol              		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)612
              Process Injection              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script11
              Deobfuscate/Decode Files or Information              		LSA Secrets1
              File and Directory Discovery              		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.common3
              Obfuscated Files or Information              		Cached Domain Credentials12
              System Information Discovery              		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup Items13
              Software Packing              		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 680430 Sample: vbc.exe Startdate: 08/08/2022 Architecture: WINDOWS Score: 100 35 www.reisdafavela.com 2->35 37 www.mpageorientalrugs.com 2->37 39 Malicious sample detected (through community Yara rule) 2->39 41 Multi AV Scanner detection for dropped file 2->41 43 Multi AV Scanner detection for submitted file 2->43 45 6 other signatures 2->45 9 vbc.exe 7 2->9         started        signatures3 process4 file5 29 C:\Users\user\AppData\...\svyewSjGVGtgt.exe, PE32 9->29 dropped 31 C:\Users\user\AppData\Local\...\tmp8F67.tmp, XML 9->31 dropped 33 C:\Users\user\AppData\Local\...\vbc.exe.log, ASCII 9->33 dropped 47 Uses schtasks.exe or at.exe to add and modify task schedules 9->47 49 Writes to foreign memory regions 9->49 51 Adds a directory exclusion to Windows Defender 9->51 53 Injects a PE file into a foreign processes 9->53 13 vbc.exe 9->13         started        16 powershell.exe 25 9->16         started        18 schtasks.exe 1 9->18         started        signatures6 process7 signatures8 59 Modifies the context of a thread in another process (thread injection) 13->59 61 Maps a DLL or memory area into another process 13->61 63 Sample uses process hollowing technique 13->63 65 Queues an APC in another process (thread injection) 13->65 20 explorer.exe 3 13->20 injected 22 conhost.exe 16->22         started        24 conhost.exe 18->24         started        process9 process10 26 WWAHost.exe 20->26         started        signatures11 55 Modifies the context of a thread in another process (thread injection) 26->55 57 Maps a DLL or memory area into another process 26->57

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              vbc.exe15%ReversingLabsByteCode-MSIL.Spyware.Noon

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe15%ReversingLabsByteCode-MSIL.Spyware.Noon

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              9.0.vbc.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

              Domains

              SourceDetectionScannerLabelLink
              www.mpageorientalrugs.com0%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              http://www.tiro.com=0%Avira URL Cloudsafe
              http://ns.adobY0%URL Reputationsafe
              http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
              www.danetsystem.com/x8ut/0%Avira URL Cloudsafe
              http://www.tiro.com0%URL Reputationsafe
              http://www.goodfont.co.kr0%URL Reputationsafe
              http://www.carterandcone.coml0%URL Reputationsafe
              http://www.sajatypeworks.com0%URL Reputationsafe
              http://www.typography.netD0%URL Reputationsafe
              http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
              http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
              http://fontfabrik.com0%URL Reputationsafe
              http://www.founder.com.cn/cn0%URL Reputationsafe
              http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
              http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
              http://boards.4chan.org3Retrieving0%Avira URL Cloudsafe
              http://www.sandoll.co.kr0%URL Reputationsafe
              http://www.urwpp.deDPlease0%URL Reputationsafe
              http://www.zhongyicts.com.cn0%URL Reputationsafe
              http://www.sakkal.com0%URL Reputationsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              www.reisdafavela.com
              		198.50.252.64
              		truefalse
                		unknown
                www.mpageorientalrugs.com
                		199.59.243.220
                		truefalseunknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                www.danetsystem.com/x8ut/true
                • Avira URL Cloud: safe
                		low

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://www.apache.org/licenses/LICENSE-2.0vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://www.fontbureau.comvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://www.fontbureau.com/designersGvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.tiro.com=vbc.exe, 00000000.00000003.362484787.000000000110C000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://ns.adobYexplorer.exe, 0000000D.00000000.482694490.00000000026D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.437285891.00000000026D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.514496245.00000000026D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000D.00000000.582671646.00000000026D0000.00000004.00000001.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers/?vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.founder.com.cn/cn/bThevbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://boards.4chan.org/b/vbc.exe, svyewSjGVGtgt.exe.0.drfalse
                          		high
                          http://www.fontbureau.com/designers?vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.tiro.comvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000000.00000003.362484787.000000000110C000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designersvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.goodfont.co.krvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comlvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.sajatypeworks.comvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.typography.netDvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers/cabarga.htmlNvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.founder.com.cn/cn/cThevbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.galapagosdesign.com/staff/dennis.htmvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://fontfabrik.comvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.founder.com.cn/cnvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/frere-jones.htmlvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.jiyu-kobo.co.jp/vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/DPleasevbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers8vbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://boards.4chan.org3Retrievingvbc.exe, svyewSjGVGtgt.exe.0.drfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.fonts.comvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.sandoll.co.krvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://images.4chan.org/vbc.exe, svyewSjGVGtgt.exe.0.drfalse
                                        		high
                                        http://www.urwpp.deDPleasevbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.zhongyicts.com.cnvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namevbc.exe, 00000000.00000002.433034346.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.sakkal.comvbc.exe, 00000000.00000002.441794995.0000000006B22000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown

                                          World Map of Contacted IPs

                                          No contacted IP infos

                                          General Information

                                          Joe Sandbox Version:35.0.0 Citrine
                                          Analysis ID:680430
                                          Start date and time: 08/08/202215:48:122022-08-08 15:48:12 +02:00
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 9m 29s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Sample file name:vbc.exe
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                          Number of analysed new started processes analysed:27
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:1
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal100.troj.evad.winEXE@10/8@2/0
                                          EGA Information:
                                          • Successful, ratio: 100%
                                          HDC Information:
                                          • Successful, ratio: 89.4% (good quality ratio 78%)
                                          • Quality average: 72%
                                          • Quality standard deviation: 33.2%
                                          HCA Information:
                                          • Successful, ratio: 97%
                                          • Number of executed functions: 25
                                          • Number of non-executed functions: 153
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Adjust boot time
                                          • Enable AMSI

                                          Warnings

                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                          • Excluded IPs from analysis (whitelisted): 23.211.6.115
                                          • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                          Simulations

                                          Behavior and APIs

                                          TimeTypeDescription
                                          15:49:44API Interceptor1x Sleep call for process: vbc.exe modified
                                          15:49:52API Interceptor17x Sleep call for process: powershell.exe modified

                                          Joe Sandbox View / Context

                                          IPs

                                          No context

                                          Domains

                                          No context

                                          ASNs

                                          No context

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.log

                                          Download File
                                          Process:C:\Users\user\Desktop\vbc.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:modified
                                          Size (bytes):1308
                                          Entropy (8bit):5.345811588615766
                                          Encrypted:false
                                          SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
                                          MD5:2E016B886BDB8389D2DD0867BE55F87B
                                          SHA1:25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
                                          SHA-256:1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
                                          SHA-512:C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
                                          Malicious:true
                                          Reputation:high, very likely benign file
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                          Download File
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):22044
                                          Entropy (8bit):5.605422146552003
                                          Encrypted:false
                                          SSDEEP:384:ltCDL7LAR404OYSBKnEjsE7nvGL3Ss3YcMtEm+y+AV7gMWIwLYI++zyv:CS409Y4KEozDSKEsy1
                                          MD5:8838823AC054A0478910CFA8271674A2
                                          SHA1:C98923EA621F79B96994728D3B46EC2E88C58A22
                                          SHA-256:DB299AC84ED574EE9514A2CD374189118D69A619D506B0A35350165AD163B2EF
                                          SHA-512:34AD80087C4C3878C55099B0AE860BD273C11A464EB35E212DAF58DFE5FD79288811BB79528069BD00D48B552295ACD435DA174EBE4867FE2D732E241AD9A671
                                          Malicious:false
                                          Reputation:low
                                          Preview:@...e...........?.........m.:.2.....@.X..............@..........H...............<@.^.L."My...::..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ifas2zv3.1tq.ps1

                                          Download File
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:U:U
                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                          Malicious:false
                                          Preview:1

                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yvgpjfng.m1e.psm1

                                          Download File
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:U:U
                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                          Malicious:false
                                          Preview:1

                                          C:\Users\user\AppData\Local\Temp\tmp8F67.tmp

                                          Download File
                                          Process:C:\Users\user\Desktop\vbc.exe
                                          File Type:XML 1.0 document, ASCII text
                                          Category:dropped
                                          Size (bytes):1616
                                          Entropy (8bit):5.137169455237211
                                          Encrypted:false
                                          SSDEEP:24:2di4+S2qh/dp1Kd+y1modHUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtTxvn:cgeHMYrFdOFzOzN33ODOiDdKrsuTNv
                                          MD5:FF07B22E748EA6A46D61392F077BB03C
                                          SHA1:41A9F6631C8124F65DBB1DE38E916B227F2BB7DF
                                          SHA-256:97360A802B86E1ED2E15B9D5CEA6795ABC8D4078F7A9DC411428687E4CC6267D
                                          SHA-512:FDD6061FBC633442B66AB51264BCB24F24C15FAFD885242F0653A87E8422FA2939363F2B38B21D7CE6694B5B48ECACF7E803BEAFE723C4A531D129D7D6E61D10
                                          Malicious:true
                                          Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvai

                                          C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe

                                          Download File
                                          Process:C:\Users\user\Desktop\vbc.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):980480
                                          Entropy (8bit):7.45173526736637
                                          Encrypted:false
                                          SSDEEP:24576:Ki6ry6N+Io9b2VyRRptoX82u4nTDe9IbUDHDlC:KiN6NTMrRRy1ue7UI
                                          MD5:2FD70987E440C0351B1CE6BA45568868
                                          SHA1:1FBF7460B77D6335CA56F5DD0BF274049436AB62
                                          SHA-256:46B08AC7A1A467F9D8053AAF6853500A32FD5C4B1ACD747A9A83134F59115424
                                          SHA-512:D23242DE267CDEB1C7E08955725ADDC560D441D1181F04885C9813157AF3A94639AA463EAA21456C5518A2F71FEB6AB40FE7C2A596D5FC75759D941D5EFDFDE8
                                          Malicious:true
                                          Yara Hits:
                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe, Author: Joe Security
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 15%
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i.b..............0.............B(... ...@....@.. .......................@............@..................................'..O....@....................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc....... ......................@..B................$(......H.......<+..............X....+...........................................0..V........~....~*...(+.....,5.(....&r...p(,....+...r...p(....%.....~*...(+.....-..~.....(....&*...0..!........~....~*...(-.....,.~.....(....&*....0..\........s.....~....r/..p(/.....,..(0......~....(1...o2...&.r1..po2...&..o2...&..o2...&.o3...(.....*:..r]..p(.....*..0..\........s.....~....r/..p(/.....,..(0......~....(1...o2...&.ra..po2...&..o2...&..o2...&.o3...(.....*:..r]..p(.....*..0..\........s.....~

                                          C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe:Zone.Identifier

                                          Download File
                                          Process:C:\Users\user\Desktop\vbc.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:false
                                          Preview:[ZoneTransfer]....ZoneId=0

                                          C:\Users\user\Documents\20220808\PowerShell_transcript.124406.zAYrvPjT.20220808154951.txt

                                          Download File
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5841
                                          Entropy (8bit):5.399056258409197
                                          Encrypted:false
                                          SSDEEP:96:BZIA6FNEqDo1ZuMZ96FNEqDo1Zg5XBjZ96FNEqDo1Z38RRvZo:0hn
                                          MD5:7F9D4AF83AFC9696935D6A5C85E861EC
                                          SHA1:0DBD97C17C16B00E10D0E976DB641EAED4234FF9
                                          SHA-256:17A265782A76ED320328F53D902AF79B3E9F991DAD11681E6FEAF078E0BD0366
                                          SHA-512:3EB43C3491D0080D188961EFA1707508FE216273AE57130E34673FDB0576BB829F368DAD2B105D9E9DC12BFBBC93067CE37B3F7CB06B2378955ED4B2CFF3E3AC
                                          Malicious:false
                                          Preview:.**********************..Windows PowerShell transcript start..Start time: 20220808154952..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 124406 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe..Process ID: 6492..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220808154952..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe..**********************..Windows PowerShell transcript start..Start time: 20220808155212..Username: computer\user..RunAs

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):7.45173526736637
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                          • Windows Screen Saver (13104/52) 0.07%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          File name:vbc.exe
                                          File size:980480
                                          MD5:2fd70987e440c0351b1ce6ba45568868
                                          SHA1:1fbf7460b77d6335ca56f5dd0bf274049436ab62
                                          SHA256:46b08ac7a1a467f9d8053aaf6853500a32fd5c4b1acd747a9a83134f59115424
                                          SHA512:d23242de267cdeb1c7e08955725addc560d441d1181f04885c9813157af3a94639aa463eaa21456c5518a2f71feb6ab40fe7c2a596d5fc75759d941d5efdfde8
                                          SSDEEP:24576:Ki6ry6N+Io9b2VyRRptoX82u4nTDe9IbUDHDlC:KiN6NTMrRRy1ue7UI
                                          TLSH:C125AD17AFA07708E4F75BB8DD6B686183F63809617ED2792E905C9F2DFA300D50162B
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i.b..............0.............B(... ...@....@.. .......................@............@................................

                                          File Icon

                                          Icon Hash:c68ce86ecc8c8ac8

                                          Static PE Info

                                          General

                                          Entrypoint:0x4e2842
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x62F069A6 [Mon Aug 8 01:40:54 2022 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                          Entrypoint Preview

                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          mov bh, 1Dh
                                          rol dword ptr [esi+ebp*2], 3Bh
                                          or byte ptr [ecx], FFFFFFD9h
                                          inc ebx
                                          or eax, 130476DCh
                                          imul ebp, dword ptr [ebx-3Bh], 17h
                                          mov dl, 4Dh
                                          xchg byte ptr [edx], bl
                                          add eax, B81E4750h
                                          in eax, dx
                                          or byte ptr [esi], ah

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xe27f00x4f.text
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xe40000xd4bc.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0xf20000xc.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x20000xe1bc00xe1c00False0.7346626695736435data7.58951432122368IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rsrc0xe40000xd4bc0xd600False0.2766683703271028data3.757541169308502IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc0xf20000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountry
                                          RT_ICON0xe41280x94a8dBase III DBT, version number 0, next free block index 40
                                          RT_ICON0xed5e00x25a8dBase III DBT, version number 0, next free block index 40
                                          RT_ICON0xefb980x10a8data
                                          RT_ICON0xf0c500x468GLS_BINARY_LSB_FIRST
                                          RT_GROUP_ICON0xf10c80x3edata
                                          RT_VERSION0xf11180x3a0data

                                          Imports

                                          DLLImport
                                          mscoree.dll_CorExeMain

                                          Network Behavior

                                          Network Port Distribution

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Aug 8, 2022 15:51:43.529246092 CEST5390753192.168.2.78.8.8.8
                                          Aug 8, 2022 15:51:43.554703951 CEST53539078.8.8.8192.168.2.7
                                          Aug 8, 2022 15:51:48.779010057 CEST6385253192.168.2.78.8.8.8
                                          Aug 8, 2022 15:51:48.888549089 CEST53638528.8.8.8192.168.2.7

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                          Aug 8, 2022 15:51:43.529246092 CEST192.168.2.78.8.8.80x1b2fStandard query (0)www.reisdafavela.comA (IP address)IN (0x0001)
                                          Aug 8, 2022 15:51:48.779010057 CEST192.168.2.78.8.8.80x1653Standard query (0)www.mpageorientalrugs.comA (IP address)IN (0x0001)

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                          Aug 8, 2022 15:51:43.554703951 CEST8.8.8.8192.168.2.70x1b2fNo error (0)www.reisdafavela.com198.50.252.64A (IP address)IN (0x0001)
                                          Aug 8, 2022 15:51:48.888549089 CEST8.8.8.8192.168.2.70x1653No error (0)www.mpageorientalrugs.com199.59.243.220A (IP address)IN (0x0001)

                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Target ID:0
                                          Start time:15:49:24
                                          Start date:08/08/2022
                                          Path:C:\Users\user\Desktop\vbc.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\vbc.exe"
                                          Imagebase:0x660000
                                          File size:980480 bytes
                                          MD5 hash:2FD70987E440C0351B1CE6BA45568868
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:.Net C# or VB.NET
                                          Yara matches:
                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.433034346.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.435077515.0000000002D26000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.437207129.0000000003B73000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          General

                                          Target ID:4
                                          Start time:15:49:49
                                          Start date:08/08/2022
                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svyewSjGVGtgt.exe
                                          Imagebase:0xf0000
                                          File size:430592 bytes
                                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:.Net C# or VB.NET
                                          Reputation:high

                                          General

                                          Target ID:5
                                          Start time:15:49:49
                                          Start date:08/08/2022
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7bab80000
                                          File size:625664 bytes
                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Target ID:6
                                          Start time:15:49:49
                                          Start date:08/08/2022
                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\svyewSjGVGtgt" /XML "C:\Users\user\AppData\Local\Temp\tmp8F67.tmp
                                          Imagebase:0xf70000
                                          File size:185856 bytes
                                          MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Target ID:7
                                          Start time:15:49:51
                                          Start date:08/08/2022
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7bab80000
                                          File size:625664 bytes
                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Target ID:9
                                          Start time:15:49:58
                                          Start date:08/08/2022
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                          Imagebase:0xd70000
                                          File size:2688096 bytes
                                          MD5 hash:B3A917344F5610BEEC562556F11300FA
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.426521887.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:moderate

                                          General

                                          Target ID:13
                                          Start time:15:50:03
                                          Start date:08/08/2022
                                          Path:C:\Windows\explorer.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\Explorer.EXE
                                          Imagebase:0x7ff631f70000
                                          File size:3933184 bytes
                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000000.501771022.000000000B529000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000000.535893743.000000000B529000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:high

                                          General

                                          Target ID:20
                                          Start time:15:50:56
                                          Start date:08/08/2022
                                          Path:C:\Windows\SysWOW64\WWAHost.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\WWAHost.exe
                                          Imagebase:0xde0000
                                          File size:829856 bytes
                                          MD5 hash:370C260333EB3149EF4E49C8F64652A0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.623504800.0000000000F20000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.625773894.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.626309765.0000000003440000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:moderate

                                          Disassembly

                                          Reset < >

                                            Execution Graph

                                            Execution Coverage:8.9%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:4.3%
                                            Total number of Nodes:69
                                            Total number of Limit Nodes:4
                                            execution_graph 15819 f8dd70 15820 f8ddd6 15819->15820 15823 f8df30 15820->15823 15826 f8bee0 15823->15826 15827 f8df98 DuplicateHandle 15826->15827 15828 f8de85 15827->15828 15829 f8bf50 15830 f8bf98 GetModuleHandleW 15829->15830 15831 f8bf92 15829->15831 15832 f8bfc5 15830->15832 15831->15830 15833 f84210 15834 f8422c 15833->15834 15835 f8423d 15834->15835 15839 f84389 15834->15839 15844 f83dc4 15835->15844 15837 f8425d 15840 f843ad 15839->15840 15848 f84488 15840->15848 15852 f84478 15840->15852 15845 f83dcf 15844->15845 15860 f88244 15845->15860 15847 f88544 15847->15837 15850 f844af 15848->15850 15849 f8458c 15849->15849 15850->15849 15856 f83f84 15850->15856 15853 f844af 15852->15853 15854 f8458c 15853->15854 15855 f83f84 CreateActCtxA 15853->15855 15854->15854 15855->15854 15857 f85518 CreateActCtxA 15856->15857 15859 f855db 15857->15859 15861 f8824f 15860->15861 15864 f88334 15861->15864 15863 f8901d 15863->15847 15865 f8833f 15864->15865 15868 f88364 15865->15868 15867 f890fa 15867->15863 15869 f8836f 15868->15869 15872 f88394 15869->15872 15871 f891ea 15871->15867 15873 f8839f 15872->15873 15875 f898fe 15873->15875 15879 f8b86e 15873->15879 15882 f8b870 15873->15882 15874 f8993c 15874->15871 15875->15874 15885 f8d9a0 15875->15885 15880 f8b87f 15879->15880 15889 f8b958 15879->15889 15880->15875 15884 f8b958 LoadLibraryExW 15882->15884 15883 f8b87f 15883->15875 15884->15883 15886 f8d9c1 15885->15886 15887 f8d9e5 15886->15887 15901 f8dc58 15886->15901 15887->15874 15890 f8b97b 15889->15890 15891 f8b98b 15890->15891 15893 f8bff8 15890->15893 15891->15880 15894 f8c00c 15893->15894 15896 f8c031 15894->15896 15897 f8bb58 15894->15897 15896->15891 15898 f8c1d8 LoadLibraryExW 15897->15898 15900 f8c251 15898->15900 15900->15896 15902 f8dc65 15901->15902 15904 f8dc9f 15902->15904 15905 f8be58 15902->15905 15904->15887 15906 f8be63 15905->15906 15908 f8e998 15906->15908 15909 f8bf20 15906->15909 15910 f8bf2b 15909->15910 15911 f88394 LoadLibraryExW 15910->15911 15912 f8ea07 15911->15912 15912->15908

                                            Executed Functions

                                            Function 00F83DC4 Relevance: 10.7, Strings: 8, Instructions: 668COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.431982974.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f80000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k
                                            • API String ID: 0-2512752502
                                            • Opcode ID: 845df35cc32b2736c9d033905a3f4a54fa2f09ac1357376008e4f6f88f2114eb
                                            • Instruction ID: 7d467fe77fda8c684ea505dd70c4192964e73b87eb4412e674b01dd677030a72
                                            • Opcode Fuzzy Hash: 845df35cc32b2736c9d033905a3f4a54fa2f09ac1357376008e4f6f88f2114eb
                                            • Instruction Fuzzy Hash: 3D620C34A00209CFCB54EBA4C995BEDB7B2FF89304F6085A9D4096B355DB35AD8ACF41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F88458 Relevance: 10.7, Strings: 8, Instructions: 666COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.431982974.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f80000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k
                                            • API String ID: 0-2512752502
                                            • Opcode ID: 8bb900503dfba3771142d7770fc396bca5897809cddb0960c38ff30f94c0eef8
                                            • Instruction ID: a77a044ab9607a1eab95f06705340158a76659d9751ee4078d84c876fbae75ec
                                            • Opcode Fuzzy Hash: 8bb900503dfba3771142d7770fc396bca5897809cddb0960c38ff30f94c0eef8
                                            • Instruction Fuzzy Hash: 4762FC34A00219CFCB54EBA4C991BEDB7B2FF89304F6085A9D4096B355DB35AD8ACF41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F8550C Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 543 f8550c-f855d9 CreateActCtxA 545 f855db-f855e1 543->545 546 f855e2-f8563c 543->546 545->546 553 f8564b-f8564f 546->553 554 f8563e-f85641 546->554 555 f85660 553->555 556 f85651-f8565d 553->556 554->553 558 f85661 555->558 556->555 558->558
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 00F855C9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.431982974.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f80000_vbc.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: 4a9143e23817bb2a52e874583da5b2efe5fdacf8850d13e4317889cd424f8d14
                                            • Instruction ID: f8a65d75a5b32a2be8e216a9520e4f85067697209dba682614ba24443954f349
                                            • Opcode Fuzzy Hash: 4a9143e23817bb2a52e874583da5b2efe5fdacf8850d13e4317889cd424f8d14
                                            • Instruction Fuzzy Hash: 39411271D0061DCFDB24DFA9C885BCEBBB1BF48308F608069D408AB650DB75694ACF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F83F84 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 559 f83f84-f855d9 CreateActCtxA 562 f855db-f855e1 559->562 563 f855e2-f8563c 559->563 562->563 570 f8564b-f8564f 563->570 571 f8563e-f85641 563->571 572 f85660 570->572 573 f85651-f8565d 570->573 571->570 575 f85661 572->575 573->572 575->575
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 00F855C9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.431982974.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f80000_vbc.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: c6b798129323abd342d600820336aea9ca71192fe8b2cd6383445b7c64bea56b
                                            • Instruction ID: 5fd9373e4cd39b9d0ab20bc3208d02d3c22b00f4d008a4867f4a004d435526c7
                                            • Opcode Fuzzy Hash: c6b798129323abd342d600820336aea9ca71192fe8b2cd6383445b7c64bea56b
                                            • Instruction Fuzzy Hash: A0410271D0061DCFDB24DFA9C884BCEBBB2BF48318F648169D409AB251DB71694ACF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F8BEE0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 576 f8bee0-f8e02c DuplicateHandle 578 f8e02e-f8e034 576->578 579 f8e035-f8e052 576->579 578->579
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F8DF5E,?,?,?,?,?), ref: 00F8E01F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.431982974.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f80000_vbc.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            • Opcode ID: 7a51c7183c70c1559fa17818069127d127ae51aa8cd5d5377ce20e7e1e41d3e1
                                            • Instruction ID: 78e3a40598c71be1a8931fb91413d03f7f6abfba6c2c1cd12ba2d4069c834817
                                            • Opcode Fuzzy Hash: 7a51c7183c70c1559fa17818069127d127ae51aa8cd5d5377ce20e7e1e41d3e1
                                            • Instruction Fuzzy Hash: DB21E4B5D00209AFDB10CF9AD484AEEBBF4EB48324F14841AE915B7750D378A945DFA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F8BB58 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 582 f8bb58-f8c218 584 f8c21a-f8c21d 582->584 585 f8c220-f8c24f LoadLibraryExW 582->585 584->585 586 f8c258-f8c275 585->586 587 f8c251-f8c257 585->587 587->586
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F8C031,00000800,00000000,00000000), ref: 00F8C242
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.431982974.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f80000_vbc.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: 3ce7c021ef91ea99fd5ccf8c86e625b27c987d38835649c7b96f9539b87b6de3
                                            • Instruction ID: 9aa3153570a36dad966d8154e92b42de8ac3cf8e89b424bf345c3bda6127a570
                                            • Opcode Fuzzy Hash: 3ce7c021ef91ea99fd5ccf8c86e625b27c987d38835649c7b96f9539b87b6de3
                                            • Instruction Fuzzy Hash: 3E1103B6D002099FDB10DF9AD448BDEFBF4AB48324F14852EE915B7640C374A945CFA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00F8BF50 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 590 f8bf50-f8bf90 591 f8bf98-f8bfc3 GetModuleHandleW 590->591 592 f8bf92-f8bf95 590->592 593 f8bfcc-f8bfe0 591->593 594 f8bfc5-f8bfcb 591->594 592->591 594->593
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00F8BFB6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.431982974.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f80000_vbc.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            • Opcode ID: 320207e3d55f94aea20e4656275182bf1ec8ea152371a458114074a23ddeb5d5
                                            • Instruction ID: 7c599f8e40f03c95a2b052897f134db8f3b4cef5bcf347e748cdb160a4caa910
                                            • Opcode Fuzzy Hash: 320207e3d55f94aea20e4656275182bf1ec8ea152371a458114074a23ddeb5d5
                                            • Instruction Fuzzy Hash: D911DFB6D002498FCB10DF9AD848BDEFBF4AB89324F15851AD419B7600C379A545CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Execution Graph

                                            Execution Coverage:0.6%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:52%
                                            Total number of Nodes:1598
                                            Total number of Limit Nodes:68
                                            execution_graph 17624 52035a1 17625 52035a7 17624->17625 17626 52035b7 17625->17626 17627 52035b8 GetPEB 17625->17627 17628 51eeb70 33 API calls 17627->17628 17628->17626 17346 528fa2b 17349 528fa37 __cftof 17346->17349 17347 528fcda __cftof 17349->17347 17350 529a80d 17349->17350 17351 529a81c 17350->17351 17352 529a84e 17350->17352 17354 528ff41 17351->17354 17352->17347 17355 528ff4d __cftof 17354->17355 17357 528ffaf __cftof 17355->17357 17358 5292073 17355->17358 17357->17352 17368 528fd22 17358->17368 17360 529207d 17361 5292085 17360->17361 17362 52920a4 17360->17362 17371 5288df1 17361->17371 17364 52920be 17362->17364 17379 5291c06 GetPEB 17362->17379 17364->17357 17369 5219670 __cftof LdrInitializeThunk 17368->17369 17370 528fd3d 17369->17370 17370->17360 17435 522d0e8 17371->17435 17373 5288dfd GetPEB 17374 5288e10 17373->17374 17375 5265720 __cftof 12 API calls 17374->17375 17376 5288e2f 17374->17376 17375->17376 17377 522d130 __cftof 12 API calls 17376->17377 17378 5288ebd 17377->17378 17378->17357 17380 5291c3d 17379->17380 17381 5291c20 GetPEB 17379->17381 17383 51db150 __cftof 12 API calls 17380->17383 17382 51db150 __cftof 12 API calls 17381->17382 17384 5291c3a 17382->17384 17383->17384 17385 51db150 __cftof 12 API calls 17384->17385 17386 5291c5a GetPEB 17385->17386 17388 5291d04 17386->17388 17389 5291ce7 GetPEB 17386->17389 17391 51db150 __cftof 12 API calls 17388->17391 17390 51db150 __cftof 12 API calls 17389->17390 17392 5291d01 17390->17392 17391->17392 17393 51db150 __cftof 12 API calls 17392->17393 17394 5291d1c 17393->17394 17395 5291d27 GetPEB 17394->17395 17424 5291d66 17394->17424 17397 5291d4f 17395->17397 17398 5291d32 GetPEB 17395->17398 17396 5291d70 GetPEB 17399 5291d98 17396->17399 17400 5291d7b GetPEB 17396->17400 17403 51db150 __cftof 12 API calls 17397->17403 17402 51db150 __cftof 12 API calls 17398->17402 17407 51db150 __cftof 12 API calls 17399->17407 17404 51db150 __cftof 12 API calls 17400->17404 17401 5291db9 GetPEB 17409 5291de1 17401->17409 17410 5291dc4 GetPEB 17401->17410 17408 5291d4c 17402->17408 17403->17408 17411 5291d95 17404->17411 17405 5291e0a GetPEB 17415 5291e32 17405->17415 17416 5291e15 GetPEB 17405->17416 17406 5291df8 17406->17405 17414 5291e52 GetPEB 17406->17414 17407->17411 17417 51db150 __cftof 12 API calls 17408->17417 17413 51db150 __cftof 12 API calls 17409->17413 17412 51db150 __cftof 12 API calls 17410->17412 17421 51db150 __cftof 12 API calls 17411->17421 17420 5291dde 17412->17420 17413->17420 17418 5291e7a 17414->17418 17419 5291e5d GetPEB 17414->17419 17423 51db150 __cftof 12 API calls 17415->17423 17422 51db150 __cftof 12 API calls 17416->17422 17417->17424 17426 51db150 __cftof 12 API calls 17418->17426 17425 51db150 __cftof 12 API calls 17419->17425 17428 51db150 __cftof 12 API calls 17420->17428 17427 5291daf 17421->17427 17429 5291e2f 17422->17429 17423->17429 17424->17396 17424->17427 17430 5291e77 17425->17430 17426->17430 17427->17401 17427->17406 17428->17406 17431 51db150 __cftof 12 API calls 17429->17431 17432 51db150 __cftof 12 API calls 17430->17432 17433 5291e4f 17431->17433 17434 5291e90 GetPEB 17432->17434 17433->17414 17434->17364 17435->17373 17629 51d1190 17630 51d11a0 17629->17630 17632 51d11be 17629->17632 17630->17632 17633 51d11e0 17630->17633 17636 51d1204 17633->17636 17634 521b640 __cftof 12 API calls 17635 51d1296 17634->17635 17635->17632 17636->17634 17637 52949a4 17638 52949bc 17637->17638 17639 5294a99 17637->17639 17641 52949e4 __cftof 17638->17641 17657 5219660 LdrInitializeThunk 17638->17657 17641->17639 17642 5294a21 GetPEB 17641->17642 17643 5294a4a 17642->17643 17644 5294a2d GetPEB 17642->17644 17646 51db150 __cftof 12 API calls 17643->17646 17645 51db150 __cftof 12 API calls 17644->17645 17647 5294a47 17645->17647 17646->17647 17648 51db150 __cftof 12 API calls 17647->17648 17649 5294a6b 17648->17649 17649->17639 17650 5294a9b GetPEB 17649->17650 17651 5294ac4 17650->17651 17652 5294aa7 GetPEB 17650->17652 17653 51db150 __cftof 12 API calls 17651->17653 17654 51db150 __cftof 12 API calls 17652->17654 17655 5294ac1 17653->17655 17654->17655 17656 51db150 __cftof 12 API calls 17655->17656 17656->17639 17657->17641 16716 52a5ba5 16717 52a5bb4 __cftof 16716->16717 16723 52a5c10 16717->16723 16724 52a5c2a __cftof 16717->16724 16727 52a4c56 16717->16727 16737 522d130 16723->16737 16724->16723 16725 52a60cf GetPEB 16724->16725 16726 5219710 LdrInitializeThunk 16724->16726 16731 5216de6 16724->16731 16725->16724 16726->16724 16728 52a4c62 __cftof 16727->16728 16729 522d130 __cftof 12 API calls 16728->16729 16730 52a4caa 16729->16730 16730->16724 16732 5216e03 16731->16732 16736 5216e73 16731->16736 16734 5216e53 16732->16734 16732->16736 16740 5216ebe 16732->16740 16734->16736 16748 5206a60 16734->16748 16736->16724 16738 521b640 __cftof 12 API calls 16737->16738 16739 522d13a 16738->16739 16739->16739 16753 51eeef0 16740->16753 16743 5216f0d 16758 51eeb70 16743->16758 16746 5216f48 16746->16732 16747 5216eeb 16747->16743 16764 5217742 16747->16764 16770 52884e0 16747->16770 16749 5248025 16748->16749 16750 5206a8d __cftof 16748->16750 16750->16749 16751 521b640 __cftof 12 API calls 16750->16751 16752 5206b66 16751->16752 16752->16736 16754 51eef0c 16753->16754 16755 51eef21 16753->16755 16754->16747 16756 51eef29 16755->16756 16776 51eef40 16755->16776 16756->16747 16759 51eeb9e 16758->16759 16760 51eeb81 16758->16760 16759->16746 16760->16759 16762 51eebac 16760->16762 17040 526ff10 16760->17040 16762->16759 17034 51d4dc0 16762->17034 16765 5217827 16764->16765 16768 5217768 __cftof 16764->16768 16765->16747 16767 51eeef0 27 API calls 16767->16768 16768->16765 16768->16767 16769 51eeb70 33 API calls 16768->16769 17107 5219660 LdrInitializeThunk 16768->17107 16769->16768 16771 5288511 16770->16771 16772 51eeb70 33 API calls 16771->16772 16774 5288556 16772->16774 16773 51eeef0 27 API calls 16775 52885f1 16773->16775 16774->16773 16775->16747 16777 51ef0bd 16776->16777 16779 51eef5d 16776->16779 16777->16779 16814 51d9080 16777->16814 16781 51ef071 16779->16781 16783 51ef042 16779->16783 16784 51d2d8a 16779->16784 16781->16754 16782 51ef053 GetPEB 16782->16781 16783->16781 16783->16782 16786 51d2db8 16784->16786 16792 51d2df1 __cftof 16784->16792 16785 51d2de7 16785->16792 16824 5201624 16785->16824 16786->16785 16786->16792 16820 51d2e9f 16786->16820 16787 522f9d0 GetPEB 16790 522f9e3 GetPEB 16787->16790 16790->16792 16792->16787 16792->16790 16795 51d2e5a 16792->16795 16818 51f7d50 GetPEB 16792->16818 16831 526fe87 16792->16831 16838 526fdda 16792->16838 16844 526ffb9 16792->16844 16852 5265720 16792->16852 16796 51d2e61 16795->16796 16802 51d2e99 __cftof 16795->16802 16797 51d2e69 16796->16797 16798 51f7d50 GetPEB 16796->16798 16797->16779 16800 522fa76 16798->16800 16803 522fa8a 16800->16803 16804 522fa7a GetPEB 16800->16804 16801 51d2ece 16801->16779 16802->16801 16867 52195d0 LdrInitializeThunk 16802->16867 16803->16797 16807 522fa97 GetPEB 16803->16807 16804->16803 16807->16797 16808 522faaa 16807->16808 16809 51f7d50 GetPEB 16808->16809 16810 522faaf 16809->16810 16811 522fac3 16810->16811 16812 522fab3 GetPEB 16810->16812 16811->16797 16855 5257016 16811->16855 16812->16811 16815 51d909e GetPEB 16814->16815 16816 51d9098 16814->16816 16817 51d90aa 16815->16817 16816->16815 16817->16779 16819 51f7d5d 16818->16819 16819->16792 16821 51d2ebb __cftof 16820->16821 16823 51d2ece 16821->16823 16868 52195d0 LdrInitializeThunk 16821->16868 16823->16785 16869 52016e0 16824->16869 16826 5201630 16829 5201691 16826->16829 16873 52016c7 16826->16873 16829->16792 16830 520165a 16830->16829 16880 520a185 16830->16880 16832 51f7d50 GetPEB 16831->16832 16833 526fec1 16832->16833 16834 526fec5 GetPEB 16833->16834 16835 526fed5 __cftof 16833->16835 16834->16835 16906 521b640 16835->16906 16837 526fef8 16837->16792 16839 526fdff __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 16838->16839 16840 5265720 __cftof 12 API calls 16839->16840 16841 526fe0f 16840->16841 16842 5265720 __cftof 12 API calls 16841->16842 16843 526fe39 16842->16843 16843->16792 16845 526ffc8 __cftof 16844->16845 16983 520e730 16845->16983 16994 51db171 16852->16994 16856 5257052 16855->16856 16857 5257073 GetPEB 16856->16857 16862 5257084 16856->16862 16857->16862 16858 5257125 GetPEB 16859 5257136 16858->16859 16860 521b640 __cftof 12 API calls 16859->16860 16861 5257147 16860->16861 16861->16797 16862->16859 16863 51f7d50 GetPEB 16862->16863 16865 5257101 __cftof 16862->16865 16864 52570ec 16863->16864 16864->16865 16866 52570f0 GetPEB 16864->16866 16865->16858 16865->16859 16866->16865 16867->16801 16868->16823 16870 52016ed 16869->16870 16871 52016f3 GetPEB 16870->16871 16872 52016f1 16870->16872 16871->16872 16872->16826 16874 52455f4 16873->16874 16875 52016da 16873->16875 16885 528bbf0 16874->16885 16875->16830 16879 524560a 16881 520a1a0 16880->16881 16882 520a192 16880->16882 16881->16882 16883 520a1b0 GetPEB 16881->16883 16882->16829 16884 520a1c1 16883->16884 16884->16829 16886 528bc12 16885->16886 16887 52455fb 16886->16887 16893 528c08a 16886->16893 16887->16879 16889 528bf33 16887->16889 16890 528bf4c 16889->16890 16892 528bf97 16890->16892 16901 528be9b 16890->16901 16892->16879 16894 528c0c6 16893->16894 16896 528c104 __cftof 16894->16896 16897 528bfdb 16894->16897 16896->16887 16899 528bfeb 16897->16899 16900 528bfef 16897->16900 16898 528bdfa LdrInitializeThunk 16898->16899 16899->16896 16900->16898 16900->16899 16902 528beb3 16901->16902 16903 528bf08 16902->16903 16905 5219660 LdrInitializeThunk 16902->16905 16903->16892 16905->16903 16907 521b648 16906->16907 16908 521b64b 16906->16908 16907->16837 16911 528b590 16908->16911 16910 521b74a __cftof 16910->16837 16914 528b260 16911->16914 16913 528b5a3 16913->16910 16972 522d08c 16914->16972 16916 528b26c GetPEB 16917 528b279 GetPEB 16916->16917 16919 528b293 16917->16919 16920 528b2ba 16919->16920 16921 528b48b 16919->16921 16971 528b54b 16919->16971 16922 528b414 16920->16922 16923 528b2c6 16920->16923 16924 5265720 __cftof 10 API calls 16921->16924 16929 5265720 __cftof 10 API calls 16922->16929 16926 528b32d 16923->16926 16927 528b2ce 16923->16927 16928 528b49e 16924->16928 16925 528b56b __cftof 16925->16913 16934 528b2eb 16926->16934 16939 528b396 16926->16939 16945 528b34d 16926->16945 16931 528b2da 16927->16931 16932 528b2f3 16927->16932 16937 5265720 __cftof 10 API calls 16928->16937 16933 528b427 16929->16933 16935 5265720 __cftof 10 API calls 16931->16935 16936 5265720 __cftof 10 API calls 16932->16936 16938 5265720 __cftof 10 API calls 16933->16938 16940 5265720 __cftof 10 API calls 16934->16940 16935->16934 16941 528b302 16936->16941 16942 528b4c2 16937->16942 16944 528b43e 16938->16944 16943 5265720 __cftof 10 API calls 16939->16943 16947 528b4fd 16940->16947 16948 5265720 __cftof 10 API calls 16941->16948 16949 528b4cc 16942->16949 16966 528b320 16942->16966 16950 528b3aa 16943->16950 16951 5265720 __cftof 10 API calls 16944->16951 16946 5265720 __cftof 10 API calls 16945->16946 16952 528b361 16946->16952 16953 528b519 16947->16953 16960 5265720 __cftof 10 API calls 16947->16960 16954 528b311 16948->16954 16955 5265720 __cftof 10 API calls 16949->16955 16956 528b38f 16950->16956 16957 528b3b6 16950->16957 16951->16966 16952->16956 16959 528b371 16952->16959 16961 5265720 __cftof 10 API calls 16953->16961 16962 5265720 __cftof 10 API calls 16954->16962 16955->16934 16964 5265720 __cftof 10 API calls 16956->16964 16963 5265720 __cftof 10 API calls 16957->16963 16958 5265720 __cftof 10 API calls 16958->16934 16967 5265720 __cftof 10 API calls 16959->16967 16960->16953 16968 528b528 16961->16968 16962->16966 16965 528b3c5 16963->16965 16964->16934 16969 5265720 __cftof 10 API calls 16965->16969 16966->16934 16966->16958 16967->16934 16970 5265720 __cftof 10 API calls 16968->16970 16968->16971 16969->16934 16970->16971 16971->16925 16973 5260c30 16971->16973 16972->16916 16974 5260c50 16973->16974 16982 5260c49 16973->16982 16975 526193b __cftof LdrInitializeThunk 16974->16975 16976 5260c5e 16975->16976 16977 5261c76 __cftof LdrInitializeThunk 16976->16977 16976->16982 16978 5260c70 16977->16978 16979 5260fec __cftof 12 API calls 16978->16979 16980 5260c91 16979->16980 16981 526193b __cftof LdrInitializeThunk 16980->16981 16981->16982 16982->16925 16989 5219670 16983->16989 16991 521967a 16989->16991 16992 5219681 16991->16992 16993 521968f LdrInitializeThunk 16991->16993 16995 51db180 __cftof 16994->16995 16996 51db1c0 __cftof 16995->16996 16997 51db1b0 GetPEB 16995->16997 16999 5234904 GetPEB 16996->16999 17002 51db1d1 __cftof 16996->17002 17004 521e2d0 16996->17004 16997->16996 16998 522d130 __cftof 10 API calls 17000 51db1de 16998->17000 16999->17002 17000->16792 17002->16998 17007 521e2ed 17004->17007 17006 521e2e8 17006->16996 17008 521e2fb 17007->17008 17009 521e30f 17007->17009 17016 521b58e 17008->17016 17011 521e332 17009->17011 17012 521e31e 17009->17012 17021 5222440 17011->17021 17013 521b58e __cftof 12 API calls 17012->17013 17015 521e307 _vswprintf_s 17013->17015 17015->17006 17017 51db150 __cftof 12 API calls 17016->17017 17018 521b627 17017->17018 17019 521b640 __cftof 12 API calls 17018->17019 17020 521b632 17019->17020 17020->17015 17022 522249a 17021->17022 17023 52224af 17021->17023 17025 521b58e __cftof 12 API calls 17022->17025 17024 52224b7 17023->17024 17032 52224cc __aulldvrm _vswprintf_s 17023->17032 17026 521b58e __cftof 12 API calls 17024->17026 17027 52224a4 17025->17027 17026->17027 17028 521b640 __cftof 12 API calls 17027->17028 17029 5222d6e 17028->17029 17029->17015 17030 5222d4f 17031 521b58e __cftof 12 API calls 17030->17031 17031->17027 17032->17027 17032->17030 17033 52258ee 12 API calls __cftof 17032->17033 17033->17032 17035 51d4dfa 17034->17035 17038 51d4dd1 17034->17038 17037 51d2e9f LdrInitializeThunk 17035->17037 17036 51d4df3 17036->16759 17037->17038 17038->17036 17053 51d4f2e 17038->17053 17106 522d0e8 17040->17106 17042 526ff1c GetPEB 17043 526ff43 GetPEB 17042->17043 17044 526ff2b 17042->17044 17046 526ff6e 17043->17046 17047 526ff4f 17043->17047 17044->17043 17045 526ffb1 17044->17045 17048 522d130 __cftof 12 API calls 17045->17048 17050 520e730 2 API calls 17046->17050 17049 5265720 __cftof 12 API calls 17047->17049 17051 526ffb6 17048->17051 17049->17046 17052 526ff7d 17050->17052 17051->16762 17052->16762 17054 5230b85 17053->17054 17057 51d4f3e 17053->17057 17055 5230b8b GetPEB 17054->17055 17056 5230b9a 17054->17056 17055->17056 17058 5230b9f 17055->17058 17062 52a88f5 17056->17062 17057->17054 17060 51d4f5b GetPEB 17057->17060 17060->17054 17061 51d4f6e 17060->17061 17061->17036 17063 52a8901 __cftof 17062->17063 17068 51dcc50 17063->17068 17065 52a891f 17066 522d130 __cftof 12 API calls 17065->17066 17067 52a8946 17066->17067 17067->17058 17069 51dcc79 17068->17069 17073 51dcc7e 17069->17073 17074 520b230 17069->17074 17070 521b640 __cftof 12 API calls 17071 51dcc89 17070->17071 17071->17065 17073->17070 17075 524a2f6 17074->17075 17076 520b26a 17074->17076 17076->17075 17078 524a2fd 17076->17078 17082 520b2ab __cftof 17076->17082 17077 521b640 __cftof 12 API calls 17080 520b2d0 17077->17080 17079 520b2b5 17078->17079 17092 52a5ba5 17078->17092 17079->17075 17079->17077 17080->17073 17082->17079 17084 51dccc0 17082->17084 17085 51dcd04 17084->17085 17091 51dcd95 17085->17091 17102 51db150 17085->17102 17088 51db150 __cftof 12 API calls 17089 5234e14 17088->17089 17090 51db150 __cftof 12 API calls 17089->17090 17090->17091 17091->17079 17093 52a5bb4 __cftof 17092->17093 17095 52a4c56 12 API calls 17093->17095 17099 52a5c10 17093->17099 17100 52a5c2a __cftof 17093->17100 17094 522d130 __cftof 12 API calls 17096 52a63e5 17094->17096 17095->17100 17096->17079 17098 5216de6 32 API calls 17098->17100 17099->17094 17100->17098 17100->17099 17101 52a60cf GetPEB 17100->17101 17105 5219710 LdrInitializeThunk 17100->17105 17101->17100 17103 51db171 __cftof 12 API calls 17102->17103 17104 51db16e 17103->17104 17104->17088 17105->17100 17106->17042 17107->16768 17108 520fab0 17109 520fac2 17108->17109 17110 520fb14 17108->17110 17111 51eeef0 27 API calls 17109->17111 17112 520facd 17111->17112 17113 520fadf 17112->17113 17117 520fb18 17112->17117 17114 51eeb70 33 API calls 17113->17114 17115 520faf1 17114->17115 17115->17110 17116 520fafa GetPEB 17115->17116 17116->17110 17118 520fb09 17116->17118 17124 524bdcb 17117->17124 17144 51e6d90 17117->17144 17154 51eff60 17118->17154 17122 520fc4b 17123 51e76e2 GetPEB 17123->17122 17126 51db150 __cftof 12 API calls 17124->17126 17128 524be19 17124->17128 17142 524bea7 17124->17142 17125 520fba7 17125->17122 17127 520fbe4 17125->17127 17162 520fd22 17125->17162 17126->17128 17127->17122 17131 524bf17 17127->17131 17132 520fc47 17127->17132 17128->17142 17174 51e75ce 17128->17174 17131->17122 17135 520fd22 GetPEB 17131->17135 17132->17122 17133 520fd22 GetPEB 17132->17133 17136 520fcb2 17133->17136 17134 524be54 17134->17122 17138 524be92 17134->17138 17178 51e76e2 17134->17178 17137 524bf22 17135->17137 17136->17122 17166 520fd9b 17136->17166 17137->17122 17139 520fd9b 3 API calls 17137->17139 17138->17142 17143 51e76e2 GetPEB 17138->17143 17139->17122 17142->17122 17142->17123 17143->17142 17145 51e6dba 17144->17145 17147 51e6da4 17144->17147 17182 5212e1c 17145->17182 17147->17122 17147->17124 17147->17125 17148 51e6dbf 17149 51eeef0 27 API calls 17148->17149 17150 51e6dca 17149->17150 17151 51e6dde 17150->17151 17187 51ddb60 17150->17187 17153 51eeb70 33 API calls 17151->17153 17153->17147 17155 51eff6d 17154->17155 17156 51eff99 17154->17156 17155->17156 17158 51eff80 GetPEB 17155->17158 17157 52a88f5 33 API calls 17156->17157 17159 51eff94 17157->17159 17158->17156 17160 51eff8f 17158->17160 17159->17110 17299 51f0050 17160->17299 17163 520fd3a 17162->17163 17165 520fd31 __cftof 17162->17165 17163->17165 17333 51e7608 17163->17333 17165->17127 17167 520fdba GetPEB 17166->17167 17168 520fdcc 17166->17168 17167->17168 17169 520fdf2 17168->17169 17170 524c0bd 17168->17170 17173 520fdfc 17168->17173 17171 51e76e2 GetPEB 17169->17171 17169->17173 17172 524c0d3 GetPEB 17170->17172 17170->17173 17171->17173 17172->17173 17173->17122 17175 51e75db 17174->17175 17176 51e75eb 17174->17176 17175->17176 17177 51e7608 GetPEB 17175->17177 17176->17134 17177->17176 17179 51e76fd 17178->17179 17180 51e76e6 17178->17180 17179->17138 17180->17179 17181 51e76ec GetPEB 17180->17181 17181->17179 17183 5212e32 17182->17183 17184 5212e57 17183->17184 17195 5219840 LdrInitializeThunk 17183->17195 17184->17148 17186 524df2e 17188 51ddb6d 17187->17188 17194 51ddb91 17187->17194 17188->17194 17196 51ddb40 GetPEB 17188->17196 17190 51ddb76 17190->17194 17198 51de7b0 17190->17198 17192 51ddb87 17193 5234fa6 GetPEB 17192->17193 17192->17194 17193->17194 17194->17151 17195->17186 17197 51ddb52 17196->17197 17197->17190 17199 51de7ce 17198->17199 17201 51de7e0 17198->17201 17200 51de7e8 17199->17200 17206 51e3d34 17199->17206 17205 51de7f6 17200->17205 17245 51ddca4 17200->17245 17201->17200 17204 51db150 __cftof 12 API calls 17201->17204 17204->17200 17205->17192 17207 5238213 17206->17207 17208 51e3d6c 17206->17208 17212 523822b GetPEB 17207->17212 17231 51e4068 17207->17231 17261 51e1b8f 17208->17261 17210 51e3d81 17210->17207 17211 51e3d89 17210->17211 17213 51e1b8f 2 API calls 17211->17213 17212->17231 17214 51e3d9e 17213->17214 17215 51e3da2 GetPEB 17214->17215 17216 51e3dba 17214->17216 17215->17216 17217 51e1b8f 2 API calls 17216->17217 17218 51e3dd2 17217->17218 17220 51e3e91 17218->17220 17224 51e3deb GetPEB 17218->17224 17218->17231 17219 5238344 GetPEB 17222 51e407a 17219->17222 17223 51e1b8f 2 API calls 17220->17223 17221 51e4085 17221->17201 17222->17221 17226 5238363 GetPEB 17222->17226 17225 51e3ea9 17223->17225 17238 51e3dfc __cftof 17224->17238 17227 51e3f6a 17225->17227 17229 51e3ec2 GetPEB 17225->17229 17225->17231 17226->17221 17228 51e1b8f 2 API calls 17227->17228 17230 51e3f82 17228->17230 17242 51e3ed3 __cftof 17229->17242 17230->17231 17232 51e3f9b GetPEB 17230->17232 17231->17219 17231->17222 17244 51e3fac __cftof 17232->17244 17233 51e3e74 17233->17220 17235 51e3e81 GetPEB 17233->17235 17234 51e3e62 GetPEB 17234->17233 17235->17220 17236 51e3f3b GetPEB 17237 51e3f4d 17236->17237 17237->17227 17239 51e3f5a GetPEB 17237->17239 17238->17231 17238->17233 17238->17234 17239->17227 17240 51e404f 17240->17231 17243 51e4058 GetPEB 17240->17243 17241 5238324 GetPEB 17241->17231 17242->17231 17242->17236 17242->17237 17243->17231 17244->17231 17244->17240 17244->17241 17247 51ddcfd 17245->17247 17259 51ddd6f __cftof 17245->17259 17246 51ddd47 17276 51ddbb1 17246->17276 17247->17246 17255 51ddfc2 17247->17255 17267 51de620 17247->17267 17249 5234ff2 17249->17249 17252 51ddfae 17252->17255 17289 52195d0 LdrInitializeThunk 17252->17289 17256 521b640 __cftof 12 API calls 17255->17256 17258 51ddfe4 17256->17258 17258->17205 17259->17249 17259->17252 17259->17255 17283 51de375 17259->17283 17288 52195d0 LdrInitializeThunk 17259->17288 17265 51e1ba9 __cftof 17261->17265 17266 51e1c05 17261->17266 17262 523701a GetPEB 17263 51e1c21 17262->17263 17263->17210 17264 51e1bf4 GetPEB 17264->17266 17265->17263 17265->17264 17265->17266 17266->17262 17266->17263 17268 5235503 17267->17268 17269 51de644 17267->17269 17269->17268 17290 51df358 17269->17290 17271 51de725 17274 51de729 GetPEB 17271->17274 17275 51de73b 17271->17275 17272 51de661 __cftof 17272->17271 17294 52195d0 LdrInitializeThunk 17272->17294 17274->17275 17275->17246 17295 51e766d 17276->17295 17278 51ddbcf 17278->17259 17279 51ddbf1 17278->17279 17280 51ddc05 17279->17280 17281 51e766d GetPEB 17280->17281 17282 51ddc22 17281->17282 17282->17259 17287 51de3a3 17283->17287 17284 521b640 __cftof 12 API calls 17285 51de400 17284->17285 17285->17259 17286 5235306 17287->17284 17287->17286 17288->17259 17289->17255 17291 51df370 17290->17291 17292 51df38c 17291->17292 17293 51df379 GetPEB 17291->17293 17292->17272 17293->17292 17294->17271 17297 51e7687 17295->17297 17296 51e76d3 17296->17278 17297->17296 17298 51e76c2 GetPEB 17297->17298 17298->17296 17300 51f0074 17299->17300 17301 51f009d GetPEB 17300->17301 17312 51f00ef 17300->17312 17303 523c01b 17301->17303 17304 51f00d0 17301->17304 17302 521b640 __cftof 12 API calls 17305 51f0105 17302->17305 17303->17304 17306 523c024 GetPEB 17303->17306 17307 51f00df 17304->17307 17308 523c037 17304->17308 17305->17159 17306->17304 17313 5209702 17307->17313 17317 52a8a62 17308->17317 17311 523c04b 17311->17311 17312->17302 17315 5209720 17313->17315 17316 5209784 17315->17316 17324 52a8214 17315->17324 17316->17312 17318 51f7d50 GetPEB 17317->17318 17319 52a8a9d 17318->17319 17320 52a8aa1 GetPEB 17319->17320 17321 52a8ab1 __cftof 17319->17321 17320->17321 17322 521b640 __cftof 12 API calls 17321->17322 17323 52a8ad7 17322->17323 17323->17311 17326 52a823b 17324->17326 17325 52a82c0 17325->17316 17326->17325 17328 5203b7a GetPEB 17326->17328 17332 5203bb5 __cftof 17328->17332 17329 5246298 17330 5203c1b GetPEB 17331 5203c35 17330->17331 17331->17325 17332->17329 17332->17330 17332->17332 17334 51e7620 17333->17334 17335 51e766d GetPEB 17334->17335 17336 51e7632 17335->17336 17336->17165 17658 52135b1 17659 52135ca 17658->17659 17660 52135f2 17658->17660 17659->17660 17661 51e7608 GetPEB 17659->17661 17661->17660 17337 5219670 17338 521967a __cftof LdrInitializeThunk 17337->17338 17436 51d1e04 17437 51d1e10 __cftof 17436->17437 17438 51d1e37 __cftof 17437->17438 17439 529a80d 28 API calls 17437->17439 17440 522f18b 17439->17440 17558 51d9240 17559 51d924c __cftof 17558->17559 17560 51d925f 17559->17560 17576 52195d0 LdrInitializeThunk 17559->17576 17577 51d9335 17560->17577 17564 51d9335 LdrInitializeThunk 17565 51d9276 17564->17565 17582 52195d0 LdrInitializeThunk 17565->17582 17567 51d927e GetPEB 17568 51f77f0 17567->17568 17569 51d929a GetPEB 17568->17569 17570 51f77f0 17569->17570 17571 51d92b6 GetPEB 17570->17571 17573 51d92d2 17571->17573 17572 51d9330 17573->17572 17574 51d9305 GetPEB 17573->17574 17575 51d931f __cftof 17574->17575 17576->17560 17583 52195d0 LdrInitializeThunk 17577->17583 17579 51d9342 17584 52195d0 LdrInitializeThunk 17579->17584 17581 51d926b 17581->17564 17582->17567 17583->17579 17584->17581 17674 52902f7 17675 5290323 17674->17675 17677 52903b0 17675->17677 17688 5290a28 17675->17688 17678 52903d1 17677->17678 17722 529bcd2 17677->17722 17679 5290342 17679->17677 17692 529bbbb 17679->17692 17682 529035f 17682->17677 17701 52adfce 17682->17701 17689 5290a57 17688->17689 17691 5290a4d 17688->17691 17726 5204e70 17689->17726 17691->17679 17693 529bbde 17692->17693 17732 529bd54 17693->17732 17696 529bc3e 17746 529aa16 17696->17746 17697 529bc17 17736 529f9a1 17697->17736 17699 529bc3c 17699->17682 17704 52adff0 17701->17704 17706 52ae19d 17701->17706 17702 521b640 __cftof 12 API calls 17703 5290388 17702->17703 17703->17677 17709 52903da 17703->17709 17704->17706 18448 52ae62a 17704->18448 17706->17702 17708 52ae1cd 17708->17706 18456 52ae5b6 17708->18456 17710 529bbbb 267 API calls 17709->17710 17712 5290404 17710->17712 17711 529039a 17711->17677 17718 52ae4b3 17711->17718 17712->17711 17713 529058b 17712->17713 18470 5290150 17712->18470 17713->17711 17714 529bcd2 256 API calls 17713->17714 17714->17711 17720 52ae4c9 17718->17720 17719 52ae5a7 17719->17677 17720->17719 17721 52ae5b6 12 API calls 17720->17721 17721->17719 17723 529bceb 17722->17723 18476 529ae44 17723->18476 17727 5204e94 17726->17727 17731 5204ec0 17726->17731 17728 521b640 __cftof 12 API calls 17727->17728 17729 5204eac 17728->17729 17729->17691 17730 5288df1 13 API calls 17730->17727 17731->17727 17731->17730 17733 529bc04 17732->17733 17734 529bd63 17732->17734 17733->17696 17733->17697 17733->17699 17735 5204e70 13 API calls 17734->17735 17735->17733 17737 529f9d6 17736->17737 17758 52a022c 17737->17758 17739 529f9e1 17740 529f9e7 17739->17740 17741 529fa16 17739->17741 17764 52a05ac 17739->17764 17740->17699 17744 529fa1a __cftof 17741->17744 17780 52a070d 17741->17780 17744->17740 17794 52a0a13 17744->17794 17748 529aa44 17746->17748 17747 529aa66 17750 51f7d50 GetPEB 17747->17750 17748->17747 18268 529ab54 17748->18268 17751 529ab0f 17750->17751 17752 529ab23 17751->17752 17753 529ab13 GetPEB 17751->17753 17754 529ab49 17752->17754 17755 529ab2d GetPEB 17752->17755 17753->17752 17754->17699 17755->17754 17756 529ab3c 17755->17756 18280 529131b 17756->18280 17760 52a0278 17758->17760 17759 52a02c2 17763 52a02e9 17759->17763 17829 522cf85 17759->17829 17760->17759 17802 52a0ea5 17760->17802 17763->17739 17765 52a05d1 17764->17765 17766 52a06db 17765->17766 17768 529a80d 28 API calls 17765->17768 17769 52a0652 17765->17769 17766->17741 17767 529a854 33 API calls 17770 52a0672 17767->17770 17768->17769 17769->17767 17770->17766 17984 52a1293 17770->17984 17773 51f7d50 GetPEB 17774 52a069c 17773->17774 17775 52a06b0 17774->17775 17776 52a06a0 GetPEB 17774->17776 17775->17766 17777 52a06ba GetPEB 17775->17777 17776->17775 17777->17766 17778 52a06c9 17777->17778 17779 529138a 14 API calls 17778->17779 17779->17766 17781 52a0734 17780->17781 17782 52a07d2 17781->17782 17783 529afde 33 API calls 17781->17783 17782->17744 17784 52a0782 17783->17784 17785 52a1293 33 API calls 17784->17785 17786 52a078e 17785->17786 17787 51f7d50 GetPEB 17786->17787 17788 52a0793 17787->17788 17789 52a07a7 17788->17789 17790 52a0797 GetPEB 17788->17790 17789->17782 17791 52a07b1 GetPEB 17789->17791 17790->17789 17791->17782 17792 52a07c0 17791->17792 17988 52914fb 17792->17988 17795 52a0a3c 17794->17795 17996 52a0392 17795->17996 17798 522cf85 33 API calls 17799 52a0aec 17798->17799 17800 52a0b19 17799->17800 17801 52a1074 35 API calls 17799->17801 17800->17740 17801->17800 17833 529ff69 17802->17833 17804 52a105b 17827 52a1055 17804->17827 17865 52a1074 17804->17865 17807 52a0ecb 17807->17804 17809 529a80d 28 API calls 17807->17809 17812 52a0f32 17807->17812 17808 52a0fab 17811 51f7d50 GetPEB 17808->17811 17809->17812 17814 52a0fcf 17811->17814 17839 529a854 17812->17839 17813 52a0f50 17813->17804 17813->17808 17847 52a15b5 17813->17847 17815 52a0fe3 17814->17815 17816 52a0fd3 GetPEB 17814->17816 17817 52a100e 17815->17817 17818 52a0fed GetPEB 17815->17818 17816->17815 17819 51f7d50 GetPEB 17817->17819 17818->17817 17820 52a0ffc 17818->17820 17821 52a1013 17819->17821 17822 529138a 14 API calls 17820->17822 17823 52a1027 17821->17823 17824 52a1017 GetPEB 17821->17824 17822->17817 17825 52a1041 17823->17825 17851 528fec0 17823->17851 17824->17823 17825->17827 17859 52952f8 17825->17859 17827->17759 17830 522cf98 17829->17830 17831 522cfb1 17830->17831 17832 52952f8 33 API calls 17830->17832 17831->17763 17832->17831 17834 529ffd1 17833->17834 17837 529ff9f 17833->17837 17835 529a854 33 API calls 17834->17835 17836 529fff1 17835->17836 17836->17807 17837->17834 17838 529a80d 28 API calls 17837->17838 17838->17834 17840 529a8c0 17839->17840 17842 529a941 17839->17842 17840->17842 17877 529f021 17840->17877 17843 529aa00 17842->17843 17881 52953d9 17842->17881 17845 521b640 __cftof 12 API calls 17843->17845 17846 529aa10 17845->17846 17846->17813 17848 52a15d0 17847->17848 17850 52a15d7 17847->17850 17849 52a165e LdrInitializeThunk 17848->17849 17849->17850 17850->17813 17852 528fee5 __cftof 17851->17852 17853 51f7d50 GetPEB 17852->17853 17854 528ff02 17853->17854 17855 528ff06 GetPEB 17854->17855 17856 528ff16 __cftof 17854->17856 17855->17856 17857 521b640 __cftof 12 API calls 17856->17857 17858 528ff3b 17857->17858 17858->17825 17860 5295321 17859->17860 17861 52953c7 17859->17861 17862 5257b9c 33 API calls 17860->17862 17863 521b640 __cftof 12 API calls 17861->17863 17862->17861 17864 52953d5 17863->17864 17864->17827 17866 52a10b0 17865->17866 17867 52a1095 17865->17867 17942 529afde 17866->17942 17868 52a165e LdrInitializeThunk 17867->17868 17868->17866 17871 51f7d50 GetPEB 17872 52a10cd 17871->17872 17873 52a10e1 17872->17873 17874 52a10d1 GetPEB 17872->17874 17875 52a10fa 17873->17875 17951 528fe3f 17873->17951 17874->17873 17875->17827 17878 529f03a 17877->17878 17895 529ee22 17878->17895 17882 5295552 17881->17882 17883 52953f7 17881->17883 17886 5257b9c 33 API calls 17882->17886 17893 529547c 17882->17893 17884 5295403 17883->17884 17885 52954eb 17883->17885 17887 529540b 17884->17887 17888 5295481 17884->17888 17890 5257b9c 33 API calls 17885->17890 17885->17893 17886->17893 17887->17893 17926 5257b9c 17887->17926 17892 5257b9c 33 API calls 17888->17892 17888->17893 17889 521b640 __cftof 12 API calls 17891 52955bd 17889->17891 17890->17893 17891->17843 17892->17893 17893->17889 17896 529ee5d 17895->17896 17900 529ee73 17896->17900 17901 529ef09 17896->17901 17897 529eef5 17898 521b640 __cftof 12 API calls 17897->17898 17899 529efd4 17898->17899 17899->17842 17900->17897 17906 529f607 17900->17906 17901->17897 17911 529f8c5 17901->17911 17907 529f626 17906->17907 17908 529eedd 17907->17908 17917 52a165e 17907->17917 17908->17897 17910 52196e0 LdrInitializeThunk 17908->17910 17910->17897 17912 529f8ea 17911->17912 17913 529f932 17912->17913 17914 529f607 LdrInitializeThunk 17912->17914 17913->17897 17915 529f90f 17914->17915 17915->17913 17925 52196e0 LdrInitializeThunk 17915->17925 17918 52a166a __cftof 17917->17918 17919 52a1869 __cftof 17918->17919 17921 52a1d55 17918->17921 17919->17907 17923 52a1d61 __cftof 17921->17923 17922 52a1fc5 __cftof 17922->17918 17923->17922 17924 52196e0 __cftof LdrInitializeThunk 17923->17924 17924->17922 17925->17913 17929 5211130 17926->17929 17932 521115f 17929->17932 17933 52111a8 17932->17933 17934 524cd96 17932->17934 17933->17934 17937 524cd9d 17933->17937 17940 52111e9 __cftof 17933->17940 17935 52112bd 17935->17934 17936 521b640 __cftof 12 API calls 17935->17936 17939 5211159 17936->17939 17937->17935 17938 52a5ba5 33 API calls 17937->17938 17938->17935 17939->17893 17940->17935 17941 51dccc0 __cftof 12 API calls 17940->17941 17941->17935 17943 529b00a 17942->17943 17945 529b039 17942->17945 17944 529b00e 17943->17944 17943->17945 17948 529b026 17944->17948 17959 529f209 17944->17959 17946 529b035 17945->17946 17968 52196e0 LdrInitializeThunk 17945->17968 17946->17948 17950 52953d9 33 API calls 17946->17950 17948->17871 17950->17948 17952 528fe64 __cftof 17951->17952 17953 51f7d50 GetPEB 17952->17953 17954 528fe81 17953->17954 17955 528fe85 GetPEB 17954->17955 17956 528fe95 __cftof 17954->17956 17955->17956 17957 521b640 __cftof 12 API calls 17956->17957 17958 528feba 17957->17958 17958->17875 17960 529f23b 17959->17960 17961 529f27a 17960->17961 17962 529f241 17960->17962 17967 529f28f __cftof 17961->17967 17970 52196e0 LdrInitializeThunk 17961->17970 17969 52196e0 LdrInitializeThunk 17962->17969 17966 529f26d 17966->17946 17967->17966 17971 529f7dd 17967->17971 17968->17946 17969->17966 17970->17967 17972 529f803 17971->17972 17977 529f4a1 17972->17977 17976 529f82d 17976->17966 17978 529f4bc 17977->17978 17979 52a165e LdrInitializeThunk 17978->17979 17981 529f4ea 17979->17981 17980 529f51c 17983 52196e0 LdrInitializeThunk 17980->17983 17981->17980 17982 52a165e LdrInitializeThunk 17981->17982 17982->17981 17983->17976 17985 52a0697 17984->17985 17986 52a12b2 17984->17986 17985->17773 17987 52952f8 33 API calls 17986->17987 17987->17985 17989 5291520 __cftof 17988->17989 17990 51f7d50 GetPEB 17989->17990 17991 5291543 17990->17991 17992 5291547 GetPEB 17991->17992 17993 5291557 __cftof 17991->17993 17992->17993 17994 521b640 __cftof 12 API calls 17993->17994 17995 529157c 17994->17995 17995->17782 17999 52a03a0 17996->17999 17997 52a0589 17997->17798 17998 52a070d 36 API calls 17998->17999 17999->17997 17999->17998 18001 527da47 17999->18001 18002 527da9b 18001->18002 18003 527da51 18001->18003 18002->17999 18003->18002 18007 51fc4a0 18003->18007 18024 51fc577 18007->18024 18009 51fc4cc 18017 51fc52c 18009->18017 18032 51fc182 18009->18032 18010 521b640 __cftof 12 API calls 18011 51fc545 18010->18011 18011->18002 18018 529526e 18011->18018 18013 51fc515 18013->18017 18043 51fdbe9 18013->18043 18014 51fc4f9 18014->18013 18014->18017 18061 51fe180 18014->18061 18017->18010 18019 529528d 18018->18019 18020 52952a4 18018->18020 18021 5257b9c 33 API calls 18019->18021 18022 521b640 __cftof 12 API calls 18020->18022 18021->18020 18023 52952af 18022->18023 18023->18002 18025 51fc5b5 18024->18025 18029 51fc583 18024->18029 18026 51fc5ce 18025->18026 18027 51fc5bb GetPEB 18025->18027 18028 52a88f5 33 API calls 18026->18028 18027->18026 18030 51fc5ad 18027->18030 18028->18030 18029->18025 18031 51fc59e GetPEB 18029->18031 18030->18009 18031->18025 18031->18030 18033 51fc1c4 18032->18033 18042 51fc1a2 18032->18042 18034 51f7d50 GetPEB 18033->18034 18035 51fc1dc 18034->18035 18036 5242d65 GetPEB 18035->18036 18037 51fc1e4 18035->18037 18038 5242d78 18036->18038 18037->18038 18040 51fc1f2 18037->18040 18082 52a8d34 18038->18082 18040->18042 18064 51fb944 18040->18064 18042->18014 18044 51fdc05 18043->18044 18053 51fdc54 18044->18053 18111 51d4510 18044->18111 18045 51f7d50 GetPEB 18047 51fdd10 18045->18047 18049 51fdd18 18047->18049 18050 5243aff GetPEB 18047->18050 18052 5243b12 18049->18052 18056 51fdd29 18049->18056 18050->18052 18051 51dcc50 33 API calls 18051->18053 18119 52a8ed6 18052->18119 18053->18045 18055 5243b1b 18055->18055 18103 51fdd82 18056->18103 18059 51fb944 17 API calls 18060 51fdd45 18059->18060 18060->18017 18062 51fc577 35 API calls 18061->18062 18063 51fe198 18062->18063 18063->18013 18065 51fbadd 18064->18065 18076 51fb980 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18064->18076 18067 51f7d50 GetPEB 18065->18067 18073 51fbab7 18065->18073 18066 521b640 __cftof 12 API calls 18068 51fbad9 18066->18068 18069 51fbaee 18067->18069 18068->18042 18070 51fbaf6 18069->18070 18071 5242caf GetPEB 18069->18071 18070->18073 18089 52a8cd6 18070->18089 18077 5242cc2 GetPEB 18071->18077 18072 51f7d50 GetPEB 18074 51fbaa1 18072->18074 18073->18066 18074->18077 18078 51fbaa9 18074->18078 18076->18072 18076->18073 18079 5242cd5 18077->18079 18078->18073 18078->18079 18096 52a8f6a 18079->18096 18081 5242ce2 18081->18081 18083 51f7d50 GetPEB 18082->18083 18084 52a8d5a 18083->18084 18085 52a8d5e GetPEB 18084->18085 18086 52a8d6e __cftof 18084->18086 18085->18086 18087 521b640 __cftof 12 API calls 18086->18087 18088 52a8d91 18087->18088 18088->18042 18090 51f7d50 GetPEB 18089->18090 18091 52a8cf9 18090->18091 18092 52a8cfd GetPEB 18091->18092 18093 52a8d0d __cftof 18091->18093 18092->18093 18094 521b640 __cftof 12 API calls 18093->18094 18095 52a8d30 18094->18095 18095->18073 18097 51f7d50 GetPEB 18096->18097 18098 52a8f9c 18097->18098 18099 52a8fa0 GetPEB 18098->18099 18100 52a8fb0 __cftof 18098->18100 18099->18100 18101 521b640 __cftof 12 API calls 18100->18101 18102 52a8fd3 18101->18102 18102->18081 18105 51fddbc 18103->18105 18104 51eeef0 27 API calls 18104->18105 18105->18104 18106 51fdeee 18105->18106 18109 51fdd3b 18105->18109 18107 51eeb70 33 API calls 18106->18107 18108 51fdf0b 18107->18108 18108->18109 18126 51fdf70 18108->18126 18109->18059 18112 51d4523 18111->18112 18113 51d458f 18111->18113 18112->18113 18114 51db150 __cftof 12 API calls 18112->18114 18113->18051 18115 52308f7 18114->18115 18116 51db150 __cftof 12 API calls 18115->18116 18117 5230901 18116->18117 18118 51db150 __cftof 12 API calls 18117->18118 18118->18113 18120 51f7d50 GetPEB 18119->18120 18121 52a8f2f 18120->18121 18122 52a8f33 GetPEB 18121->18122 18123 52a8f43 __cftof 18121->18123 18122->18123 18124 521b640 __cftof 12 API calls 18123->18124 18125 52a8f66 18124->18125 18125->18055 18127 51fdf7c __cftof 18126->18127 18128 51fdfba 18127->18128 18129 51fdfe5 18127->18129 18147 51fdfbf 18127->18147 18148 51ee510 18128->18148 18133 51fe07c 18129->18133 18134 51fdff2 18129->18134 18132 51fdfdf __cftof 18132->18109 18245 520f8f2 18133->18245 18136 51fdffb 18134->18136 18137 51fe075 18134->18137 18176 5200075 18136->18176 18231 52036e9 18137->18231 18140 51fe000 18141 51fe01e 18140->18141 18142 5243b30 18140->18142 18140->18147 18141->18147 18204 51db1e1 18141->18204 18260 5255510 18142->18260 18167 51fe090 18147->18167 18149 51eb02a 20 API calls 18148->18149 18164 51ee57e 18149->18164 18150 51ee8b4 18151 51e8794 63 API calls 18150->18151 18166 51ee8ec 18150->18166 18153 51ee8d0 18151->18153 18152 51ee904 18156 51ee90c 18152->18156 18157 51db1e1 19 API calls 18152->18157 18158 51eb02a 20 API calls 18153->18158 18153->18166 18154 52197a0 __cftof LdrInitializeThunk 18154->18152 18155 51ee95a 18155->18147 18156->18147 18159 523b98c 18157->18159 18158->18166 18160 523b7e9 18161 5255510 12 API calls 18160->18161 18160->18166 18161->18166 18162 51ee783 18163 5255510 12 API calls 18162->18163 18162->18166 18163->18166 18164->18150 18164->18155 18164->18160 18164->18162 18165 522cdfa 12 API calls 18164->18165 18164->18166 18165->18164 18166->18152 18166->18154 18168 5243b90 18167->18168 18169 51fe099 18167->18169 18170 51db1e1 19 API calls 18168->18170 18172 51fe0e1 18169->18172 18173 51eeef0 27 API calls 18169->18173 18171 5243ba6 18170->18171 18171->18171 18172->18132 18174 51fe0bc 18173->18174 18175 51eeb70 33 API calls 18174->18175 18175->18172 18177 52000ea __cftof 18176->18177 18178 52000d9 18176->18178 18180 51ffda0 98 API calls 18177->18180 18181 5200223 18177->18181 18182 51ea8c0 14 API calls 18177->18182 18189 51dad30 GetPEB 18177->18189 18190 52002d6 GetPEB 18177->18190 18191 52002f3 53 API calls 18177->18191 18195 52003e2 233 API calls 18177->18195 18178->18177 18179 51fc07f 20 API calls 18178->18179 18179->18177 18180->18177 18183 52002ba 18181->18183 18184 520022f 18181->18184 18182->18177 18185 520f99e 64 API calls 18183->18185 18186 520002d 6 API calls 18184->18186 18187 520023c 18185->18187 18188 5200234 18186->18188 18193 5244c11 18187->18193 18194 520024a 18187->18194 18188->18187 18192 5256dc9 62 API calls 18188->18192 18189->18177 18190->18177 18191->18177 18192->18187 18196 51dad30 GetPEB 18193->18196 18197 52002d6 GetPEB 18194->18197 18195->18177 18198 5244c1a 18196->18198 18199 520026a 18197->18199 18198->18198 18200 5200274 18199->18200 18202 520b390 GetPEB 18199->18202 18201 521b640 __cftof 12 API calls 18200->18201 18203 5200287 18201->18203 18202->18200 18203->18140 18205 51f7d50 GetPEB 18204->18205 18206 51db1f1 18205->18206 18207 51db1f9 18206->18207 18208 5234a0e GetPEB 18206->18208 18209 5234a21 GetPEB 18207->18209 18216 51db207 18207->18216 18208->18209 18210 5234a34 18209->18210 18209->18216 18211 51f7d50 GetPEB 18210->18211 18212 5234a39 18211->18212 18213 5234a4d 18212->18213 18214 5234a3d GetPEB 18212->18214 18215 5257016 16 API calls 18213->18215 18213->18216 18214->18213 18215->18216 18217 51daa16 18216->18217 18218 5234458 GetPEB 18217->18218 18219 51daa42 18217->18219 18220 51daa52 __cftof 18218->18220 18219->18218 18219->18220 18222 5205e50 47 API calls 18220->18222 18229 51daa64 18220->18229 18221 521b640 __cftof 12 API calls 18223 51daa71 18221->18223 18224 52344ad 18222->18224 18223->18147 18225 52344e6 18224->18225 18226 520b230 33 API calls 18224->18226 18227 52344ee GetPEB 18225->18227 18225->18229 18228 52344db 18226->18228 18227->18229 18230 51df7a0 35 API calls 18228->18230 18229->18221 18230->18225 18232 51e6a3a 53 API calls 18231->18232 18233 5203743 18232->18233 18234 5203792 18233->18234 18236 52002f3 53 API calls 18233->18236 18235 52037a5 18234->18235 18237 52003e2 233 API calls 18234->18237 18238 52037b9 18235->18238 18239 51dad30 GetPEB 18235->18239 18242 5203760 18236->18242 18237->18235 18240 521b640 __cftof 12 API calls 18238->18240 18239->18238 18241 52037cc 18240->18241 18241->18140 18242->18234 18243 52037d0 18242->18243 18244 520f99e 64 API calls 18243->18244 18244->18235 18246 520f948 18245->18246 18247 520f952 18246->18247 18248 520f97e 18246->18248 18249 520f99e 64 API calls 18247->18249 18250 51e6b6b 52 API calls 18248->18250 18251 520f959 18249->18251 18252 520f989 18250->18252 18253 520f967 18251->18253 18254 524bdad 18251->18254 18252->18251 18256 52003e2 233 API calls 18252->18256 18255 521b640 __cftof 12 API calls 18253->18255 18257 51dad30 GetPEB 18254->18257 18259 520f97a 18255->18259 18256->18251 18258 524bdb6 18257->18258 18258->18258 18259->18140 18265 5255543 18260->18265 18261 5255612 18262 521b640 __cftof 12 API calls 18261->18262 18264 525561f 18262->18264 18263 5255767 12 API calls 18266 52555f6 18263->18266 18264->18147 18265->18261 18265->18263 18267 51db171 __cftof 12 API calls 18266->18267 18267->18261 18269 529ab79 18268->18269 18270 529ab88 18268->18270 18287 529cac9 18269->18287 18271 529abb1 18270->18271 18272 529aba4 18270->18272 18279 529ab8f 18270->18279 18275 529abc1 18271->18275 18276 529abb6 18271->18276 18293 52a28ec 18272->18293 18302 529e539 18275->18302 18277 529f9a1 255 API calls 18276->18277 18277->18279 18279->17747 18281 51f7d50 GetPEB 18280->18281 18282 529134d 18281->18282 18283 5291351 GetPEB 18282->18283 18284 5291361 __cftof 18282->18284 18283->18284 18285 521b640 __cftof 12 API calls 18284->18285 18286 5291384 18285->18286 18286->17754 18288 529cadd 18287->18288 18290 529cafc 18288->18290 18323 529c8f7 18288->18323 18292 529cb00 __cftof 18290->18292 18327 529d12f 18290->18327 18292->18270 18300 52a2908 18293->18300 18295 52a29f5 18296 52a2a8c 18295->18296 18297 52a2a60 18295->18297 18430 52a25dd 18296->18430 18299 529a80d 28 API calls 18297->18299 18301 52a2a70 __cftof 18299->18301 18300->18295 18300->18301 18426 52a3149 18300->18426 18301->18279 18303 529bbbb 266 API calls 18302->18303 18311 529e567 18303->18311 18304 529e635 18306 529afde 33 API calls 18304->18306 18309 529e804 18304->18309 18305 529e618 18305->18304 18310 529bcd2 256 API calls 18305->18310 18306->18309 18307 529e5f6 18308 529a854 33 API calls 18307->18308 18316 529e614 18308->18316 18309->18279 18310->18304 18311->18304 18311->18305 18311->18307 18313 529a80d 28 API calls 18311->18313 18312 529e68f 18314 529a854 33 API calls 18312->18314 18313->18307 18317 529e6ae 18314->18317 18315 529a80d 28 API calls 18315->18312 18316->18305 18316->18312 18316->18315 18317->18305 18318 51f7d50 GetPEB 18317->18318 18319 529e7a8 18318->18319 18320 529e7ac GetPEB 18319->18320 18321 529e7c0 18319->18321 18320->18321 18321->18309 18322 528fec0 14 API calls 18321->18322 18322->18305 18324 529c94b 18323->18324 18325 529c915 18323->18325 18324->18290 18325->18324 18343 529c43e 18325->18343 18332 529d15d 18327->18332 18328 529d29e 18353 529d38e 18328->18353 18330 529d2ac 18337 529d2c1 18330->18337 18358 529dbd2 18330->18358 18332->18328 18334 529d2d8 18332->18334 18332->18337 18347 529d616 18332->18347 18335 529d38e 13 API calls 18334->18335 18340 529d2e8 18335->18340 18336 529d31c 18339 529d330 18336->18339 18373 529c52d 18336->18373 18337->18336 18367 529c7a2 18337->18367 18339->18292 18340->18337 18342 529dbd2 243 API calls 18340->18342 18342->18337 18346 529c46c __cftof 18343->18346 18344 521b640 __cftof 12 API calls 18345 529c529 18344->18345 18345->18324 18346->18344 18352 529d651 18347->18352 18348 529d757 18349 521b640 __cftof 12 API calls 18348->18349 18351 529d85e 18349->18351 18351->18332 18352->18348 18377 529def6 18352->18377 18395 51d774a 18353->18395 18355 529d3d2 18357 529d419 18355->18357 18400 529d466 18355->18400 18357->18330 18360 529dc12 18358->18360 18364 529dd1f 18358->18364 18359 529dcca 18359->18337 18360->18359 18361 529dcd1 18360->18361 18362 529dcb2 18360->18362 18361->18364 18404 529d8df 18361->18404 18363 529a80d 28 API calls 18362->18363 18363->18359 18364->18359 18365 529c52d 243 API calls 18364->18365 18365->18359 18368 529c7c6 __cftof 18367->18368 18372 529c863 18368->18372 18410 529c59e 18368->18410 18369 521b640 __cftof 12 API calls 18370 529c87f 18369->18370 18370->18336 18372->18369 18376 529c548 18373->18376 18374 529c595 18374->18339 18376->18374 18414 529db14 18376->18414 18378 529dfe8 18377->18378 18381 529a6b3 18378->18381 18386 5201164 18381->18386 18384 5201164 13 API calls 18385 529a6d7 18384->18385 18385->18348 18387 5245490 18386->18387 18391 520117f 18386->18391 18389 5219670 __cftof LdrInitializeThunk 18387->18389 18389->18391 18392 5205720 18391->18392 18393 5204e70 13 API calls 18392->18393 18394 5201185 18393->18394 18394->18384 18396 51d777a 18395->18396 18397 52328d8 18395->18397 18396->18355 18398 5201164 13 API calls 18397->18398 18399 52328dd 18398->18399 18401 529d4bc 18400->18401 18402 521b640 __cftof 12 API calls 18401->18402 18403 529d591 18402->18403 18403->18357 18407 529d917 18404->18407 18405 521b640 __cftof 12 API calls 18406 529da95 18405->18406 18406->18364 18408 529d96d 18407->18408 18409 527da47 243 API calls 18407->18409 18408->18405 18409->18408 18411 529c5c9 18410->18411 18412 521b640 __cftof 12 API calls 18411->18412 18413 529c5f9 18412->18413 18413->18372 18415 529db4f 18414->18415 18416 529dbae 18414->18416 18418 521b640 __cftof 12 API calls 18415->18418 18420 529c95a 18416->18420 18419 529dbcc 18418->18419 18419->18374 18421 529c9e8 18420->18421 18425 529c99f 18420->18425 18422 529d8df 243 API calls 18421->18422 18422->18425 18423 521b640 __cftof 12 API calls 18424 529ca15 18423->18424 18424->18415 18425->18423 18429 52a3169 18426->18429 18427 521b640 __cftof 12 API calls 18428 52a31ce 18427->18428 18428->18300 18429->18427 18433 52a2603 18430->18433 18431 52a286b 18431->18301 18432 52a27a5 18432->18431 18440 52a241a 18432->18440 18433->18432 18436 52a2fbd 18433->18436 18437 52a2fe4 18436->18437 18438 521b640 __cftof 12 API calls 18437->18438 18439 52a30f0 18438->18439 18439->18432 18442 52a242f 18440->18442 18443 52a246c 18442->18443 18444 52a22ae 18442->18444 18443->18431 18445 52a22dd 18444->18445 18446 52a2fbd 12 API calls 18445->18446 18447 52a23ee 18445->18447 18446->18447 18447->18442 18453 52ae667 __cftof 18448->18453 18449 52ae66f 18450 521b640 __cftof 12 API calls 18449->18450 18451 52ae725 18450->18451 18451->17708 18452 52ae704 18452->18449 18454 52ae5b6 12 API calls 18452->18454 18453->18449 18453->18452 18462 52ae824 18453->18462 18454->18449 18457 52ae608 18456->18457 18458 52ae5e1 18456->18458 18460 521b640 __cftof 12 API calls 18457->18460 18458->18457 18466 52aed52 18458->18466 18461 52ae626 18460->18461 18461->17706 18465 52ae853 __cftof 18462->18465 18463 521b640 __cftof 12 API calls 18464 52aed3b 18463->18464 18464->18453 18465->18463 18469 52aed73 18466->18469 18467 521b640 __cftof 12 API calls 18468 52aee6d 18467->18468 18468->18458 18469->18467 18471 529bbbb 267 API calls 18470->18471 18472 529016d 18471->18472 18472->17713 18473 5290180 18472->18473 18474 529bcd2 256 API calls 18473->18474 18475 5290199 18474->18475 18475->17713 18478 529ae6a 18476->18478 18477 529af3d 18479 529af6c 18477->18479 18480 529afc3 18477->18480 18478->18477 18481 529af27 18478->18481 18485 529af38 18478->18485 18494 529ea55 18479->18494 18516 529fde2 18480->18516 18484 529a80d 28 API calls 18481->18484 18484->18485 18485->17678 18487 51f7d50 GetPEB 18488 529af85 18487->18488 18489 529af99 18488->18489 18490 529af89 GetPEB 18488->18490 18489->18485 18491 529afa3 GetPEB 18489->18491 18490->18489 18491->18485 18492 529afb2 18491->18492 18492->18485 18509 5291608 18492->18509 18495 529ea74 18494->18495 18496 529ea8d 18495->18496 18498 529eab0 18495->18498 18497 529a80d 28 API calls 18496->18497 18499 529af7a 18497->18499 18500 529afde 33 API calls 18498->18500 18499->18487 18501 529eb12 18500->18501 18502 529bcd2 255 API calls 18501->18502 18503 529eb3d 18502->18503 18504 51f7d50 GetPEB 18503->18504 18505 529eb48 18504->18505 18506 529eb4c GetPEB 18505->18506 18507 529eb60 18505->18507 18506->18507 18507->18499 18508 528fe3f 14 API calls 18507->18508 18508->18499 18510 51f7d50 GetPEB 18509->18510 18511 5291634 18510->18511 18512 5291638 GetPEB 18511->18512 18513 5291648 __cftof 18511->18513 18512->18513 18514 521b640 __cftof 12 API calls 18513->18514 18515 529166b 18514->18515 18515->18485 18517 529fdf5 18516->18517 18518 529fdfe 18517->18518 18519 529fe12 18517->18519 18520 529a80d 28 API calls 18518->18520 18521 529febd 18519->18521 18522 529fe2c 18519->18522 18523 529fe0d 18520->18523 18526 52a0a13 248 API calls 18521->18526 18524 529fe45 18522->18524 18525 529fe35 18522->18525 18523->18485 18545 52a2b28 18524->18545 18529 529dbd2 243 API calls 18525->18529 18528 529fecb 18526->18528 18531 51f7d50 GetPEB 18528->18531 18532 529fe41 18529->18532 18530 529fe55 18530->18532 18537 529c8f7 12 API calls 18530->18537 18533 529fed3 18531->18533 18536 51f7d50 GetPEB 18532->18536 18534 529fee7 18533->18534 18535 529fed7 GetPEB 18533->18535 18534->18523 18539 529fef1 GetPEB 18534->18539 18535->18534 18538 529fe77 18536->18538 18537->18532 18540 529fe8b 18538->18540 18541 529fe7b GetPEB 18538->18541 18539->18523 18544 529fea4 18539->18544 18540->18523 18542 529fe95 GetPEB 18540->18542 18541->18540 18542->18523 18542->18544 18543 5291608 14 API calls 18543->18523 18544->18523 18544->18543 18546 52a2b46 18545->18546 18547 52a2bbf 18546->18547 18549 52a2bd3 18546->18549 18548 529a80d 28 API calls 18547->18548 18555 52a2bce 18548->18555 18550 52a2c36 18549->18550 18551 52a2c15 18549->18551 18553 52a241a 12 API calls 18550->18553 18552 529a80d 28 API calls 18551->18552 18552->18555 18554 52a2c4a 18553->18554 18554->18555 18557 52a3209 18554->18557 18555->18530 18558 52a3240 18557->18558 18559 521b640 __cftof 12 API calls 18558->18559 18560 52a324d 18559->18560 18560->18555 17341 5219540 LdrInitializeThunk 17662 528d380 17663 528d393 17662->17663 17665 528d38c 17662->17665 17664 528d3a0 GetPEB 17663->17664 17664->17665 17585 520174b 17592 52196e0 LdrInitializeThunk 17585->17592 17587 5201765 17588 5201773 17587->17588 17593 5283c60 17587->17593 17592->17587 17594 524562b 17593->17594 17596 5283c78 17593->17596 17594->17588 17597 52196e0 LdrInitializeThunk 17594->17597 17596->17594 17598 5283d40 17596->17598 17597->17588 17599 5283d7f 17598->17599 17600 5283e55 17599->17600 17603 5283e37 GetPEB 17599->17603 17601 521b640 __cftof 12 API calls 17600->17601 17602 5283e65 17601->17602 17602->17594 17603->17599 18561 52036cc 18562 52036d4 GetPEB 18561->18562 18563 52036e6 18561->18563 18564 52036e5 18562->18564 18565 52930c4 18566 52930d8 18565->18566 18567 52930ca 18565->18567 18568 51eeb70 33 API calls 18567->18568 18568->18566 18569 52237cc 18570 52237db 18569->18570 18571 52237ea 18570->18571 18573 522590b 18570->18573 18574 5225917 18573->18574 18577 522592d 18573->18577 18575 521b58e __cftof 12 API calls 18574->18575 18576 5225923 18575->18576 18576->18571 18577->18571 17446 51fa830 17447 51faa53 17446->17447 17459 51fa850 17446->17459 17448 52422bb GetPEB 17449 52422c7 GetPEB 17448->17449 17448->17459 17451 51db150 __cftof 12 API calls 17449->17451 17450 529a80d 28 API calls 17450->17459 17451->17459 17452 5242385 17454 529a80d 28 API calls 17452->17454 17455 51faa3c 17454->17455 17455->17447 17460 52423cb GetPEB 17455->17460 17456 51db150 12 API calls __cftof 17456->17459 17457 5242376 17461 529a80d 28 API calls 17457->17461 17458 5292073 28 API calls 17458->17459 17459->17447 17459->17448 17459->17450 17459->17452 17459->17455 17459->17456 17459->17457 17459->17458 17470 51fab40 17459->17470 17462 52423f6 17460->17462 17463 52423d7 GetPEB 17460->17463 17461->17452 17465 51db150 __cftof 12 API calls 17462->17465 17464 51db150 __cftof 12 API calls 17463->17464 17466 52423f1 17464->17466 17465->17466 17467 51db150 __cftof 12 API calls 17466->17467 17468 524240d 17467->17468 17468->17447 17469 5292073 28 API calls 17468->17469 17469->17447 17471 51fabbb 17470->17471 17472 51fab6e 17470->17472 17471->17459 17472->17471 17473 529a80d 28 API calls 17472->17473 17474 51fabd0 17472->17474 17473->17474 17475 529a80d 28 API calls 17474->17475 17476 51fac01 17474->17476 17475->17476 17476->17471 17477 529a80d 28 API calls 17476->17477 17477->17476 17666 528239a 17667 52823d5 17666->17667 17668 521b640 __cftof 12 API calls 17667->17668 17669 52823df 17668->17669 17478 51fe12c 17479 51fe13b 17478->17479 17480 51fab40 28 API calls 17479->17480 17481 51fe153 17479->17481 17480->17479 17482 525b111 17483 525b143 17482->17483 17484 525b131 17482->17484 17486 52621b7 17484->17486 17489 521e3a0 17486->17489 17492 521e3bd 17489->17492 17491 521e3b8 17491->17483 17493 521e3cc 17492->17493 17495 521e3e3 17492->17495 17494 521b58e __cftof 12 API calls 17493->17494 17497 521e3d8 _vswprintf_s 17494->17497 17496 521b58e __cftof 12 API calls 17495->17496 17495->17497 17496->17497 17497->17491 17498 51fa229 17505 51fa249 17498->17505 17499 51fa265 17545 5219660 LdrInitializeThunk 17499->17545 17501 51fa27e 17503 5241db5 GetPEB 17501->17503 17504 51f7d50 GetPEB 17501->17504 17502 5241c9e 17506 529a80d 28 API calls 17502->17506 17507 5241de4 17503->17507 17508 5241dc7 GetPEB 17503->17508 17509 51fa28d 17504->17509 17505->17499 17505->17502 17510 5241cb0 17506->17510 17512 51db150 __cftof 12 API calls 17507->17512 17511 51db150 __cftof 12 API calls 17508->17511 17513 51fa29a 17509->17513 17514 5241cb8 GetPEB 17509->17514 17515 5241de1 17511->17515 17512->17515 17516 51fa2a5 17513->17516 17517 5241ccb GetPEB 17513->17517 17514->17517 17518 51db150 __cftof 12 API calls 17515->17518 17519 51f7d50 GetPEB 17516->17519 17517->17516 17520 5241cde 17517->17520 17521 5241e03 17518->17521 17522 51fa2ba 17519->17522 17546 529138a 17520->17546 17524 5241cf4 GetPEB 17522->17524 17525 51fa2c2 17522->17525 17526 5241d07 GetPEB 17524->17526 17525->17526 17539 51fa2cd 17525->17539 17528 5241d1a 17526->17528 17526->17539 17527 51f7d50 GetPEB 17529 51fa2d2 17527->17529 17530 51f7d50 GetPEB 17528->17530 17532 51fa2df 17529->17532 17533 5241d51 GetPEB 17529->17533 17531 5241d1f 17530->17531 17534 5241d32 17531->17534 17535 5241d23 GetPEB 17531->17535 17537 51f7d50 GetPEB 17532->17537 17541 51fa2ea 17532->17541 17533->17532 17554 5291582 17534->17554 17535->17534 17540 5241d69 17537->17540 17538 51fa2fb 17539->17527 17542 5241d7c 17540->17542 17543 5241d6d GetPEB 17540->17543 17541->17503 17541->17538 17544 5291582 12 API calls 17542->17544 17543->17542 17544->17541 17545->17501 17547 52913af __cftof 17546->17547 17548 51f7d50 GetPEB 17547->17548 17549 52913d2 17548->17549 17550 52913d6 GetPEB 17549->17550 17551 52913e6 __cftof 17549->17551 17550->17551 17552 521b640 __cftof 12 API calls 17551->17552 17553 529140b 17552->17553 17553->17516 17555 52915bd __cftof 17554->17555 17556 521b640 __cftof 12 API calls 17555->17556 17557 5291602 17556->17557 17557->17539 18578 51d40e1 18579 5230423 GetPEB 18578->18579 18580 51d40f7 18578->18580 18581 523042f GetPEB 18579->18581 18582 523044c 18579->18582 18583 51db150 __cftof 12 API calls 18581->18583 18584 51db150 __cftof 12 API calls 18582->18584 18585 5230449 18583->18585 18584->18585 18586 51db150 __cftof 12 API calls 18585->18586 18587 5230462 18586->18587 18588 51db150 __cftof 12 API calls 18587->18588 18590 5230473 18587->18590 18588->18590 18589 51db150 __cftof 12 API calls 18591 523047f GetPEB 18589->18591 18590->18589 18592 523048c 18591->18592 17604 51d0b60 17605 51d0b72 17604->17605 17607 51d0baf 17604->17607 17605->17607 17608 51d0bd0 17605->17608 17609 51d0c66 17608->17609 17615 51d0c05 17608->17615 17610 522e940 17609->17610 17611 522e915 17609->17611 17614 51d0c8d __cftof 17609->17614 17613 5221700 12 API calls 17610->17613 17610->17614 17611->17614 17617 5221700 17611->17617 17613->17614 17614->17607 17615->17609 17615->17614 17616 5221700 12 API calls 17615->17616 17616->17615 17620 52214e9 17617->17620 17619 522171c 17619->17614 17622 52214fb 17620->17622 17621 521b58e __cftof 12 API calls 17623 522150e __cftof 17621->17623 17622->17621 17622->17623 17623->17619 17670 51fe4a0 17671 51fe4c0 17670->17671 17672 529a80d 28 API calls 17671->17672 17673 51fe4db 17671->17673 17672->17673

                                            Executed Functions

                                            Function 05219540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 4 5219540-521954c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 4585270c2308032932eafdcfa6e78e798bdb301a3551357cea022e06165e381a
                                            • Instruction ID: 5d280e66bc1f273e186457b694fbbe40cfcebf7a8e2dbdb846435f0a260519d1
                                            • Opcode Fuzzy Hash: 4585270c2308032932eafdcfa6e78e798bdb301a3551357cea022e06165e381a
                                            • Instruction Fuzzy Hash: 8690027A221010130105A569074450700569BD53A13A1C021F5045550CD6A188626161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052195D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 5 52195d0-52195dc LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: c3408efc4338ab651c171979af954cfd9d48b0e39b29a3bdfe5ed286576201f6
                                            • Instruction ID: 73451d1aa9683fb1d322c2ffb46f3386383469ad97c36856618c2ec72c7552c7
                                            • Opcode Fuzzy Hash: c3408efc4338ab651c171979af954cfd9d48b0e39b29a3bdfe5ed286576201f6
                                            • Instruction Fuzzy Hash: 4D9002B621201013410571694454616401A9BE0251BA1C021E5044590DC5A588927165
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 8 5219710-521971c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 364878ab937fe1b5de67bbf47fcd0e01f813a604c2396cb79fd8bf9b3f6d7caf
                                            • Instruction ID: e1a793d02bfbbdb81106aeb65b871268bba5b86814dcab8ecb90f07f7baa3d29
                                            • Opcode Fuzzy Hash: 364878ab937fe1b5de67bbf47fcd0e01f813a604c2396cb79fd8bf9b3f6d7caf
                                            • Instruction Fuzzy Hash: 3590027621101412D10065A9544864600159BE0351FA1D011A9054555EC6E588927171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052197A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 10 52197a0-52197ac LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 3eab43555b0dadd7b11115f5350c846e21eb5579914f3e38f666e81b17aa8911
                                            • Instruction ID: b7b84b57c369d42b08501531d02c7d38d6f7bf581cad3c44097c5778e5679def
                                            • Opcode Fuzzy Hash: 3eab43555b0dadd7b11115f5350c846e21eb5579914f3e38f666e81b17aa8911
                                            • Instruction Fuzzy Hash: 3990027631101013D140716954586064015EBE1351FA1D011E4444554CD99588576262
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 9 5219780-521978c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 5be27752240299402ed67ea4dedd6fcf293f11adb8bd5018a267425ca7f40d24
                                            • Instruction ID: c35a7e850bc0bbc491b973920ce2019213b7a6d93b632134031a1d2ad69d337e
                                            • Opcode Fuzzy Hash: 5be27752240299402ed67ea4dedd6fcf293f11adb8bd5018a267425ca7f40d24
                                            • Instruction Fuzzy Hash: 5990027E22301012D1807169544860A00159BD1252FE1D415A4045558CC995886A6361
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 627266a714731b938cc54c9f9827c2147e56837b5a21047ab6d56af84fb19dcd
                                            • Instruction ID: 534e2c123f22ac8154164511eb9cdecfff2bc1c0a4cbe6b016935e8ef917f746
                                            • Opcode Fuzzy Hash: 627266a714731b938cc54c9f9827c2147e56837b5a21047ab6d56af84fb19dcd
                                            • Instruction Fuzzy Hash: 8390027632115412D1106169844470600159BD1251FA1C411A4854558D86D588927162
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 6 5219660-521966c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 1319c3db4970513bd10ec91437ce102ba0779e3f18472e14fe9bc310bb38c288
                                            • Instruction ID: 4f69420dcddd20ebc1609e5751bd385df3d557472c6347322b81d86ab53263dc
                                            • Opcode Fuzzy Hash: 1319c3db4970513bd10ec91437ce102ba0779e3f18472e14fe9bc310bb38c288
                                            • Instruction Fuzzy Hash: 1690027621101812D1807169444464A00159BD1351FE1C015A4055654DCA958A5A77E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052196E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 7 52196e0-52196ec LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 5b5f42559c6c26efe08dbe7ae90d325b8f64037681dd759d513f743813da4783
                                            • Instruction ID: f57df3bd0e9e9b42ec30a52eb529c75de3c8367b4acbb250c93378b52ea6dd7a
                                            • Opcode Fuzzy Hash: 5b5f42559c6c26efe08dbe7ae90d325b8f64037681dd759d513f743813da4783
                                            • Instruction Fuzzy Hash: CE90027621109812D1106169844474A00159BD0351FA5C411A8454658D86D588927161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 14 5219910-521991c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 33d6389a89f269bd4cea0472a9838e5b99e9bd2fe15e94b97be14614dbcdb7f0
                                            • Instruction ID: 5fb8697437e61c2738b65486d18465b228114b1dd80b5221945f3cae18ed6adc
                                            • Opcode Fuzzy Hash: 33d6389a89f269bd4cea0472a9838e5b99e9bd2fe15e94b97be14614dbcdb7f0
                                            • Instruction Fuzzy Hash: C69002B621101412D1407169444474600159BD0351FA1C011A9094554E86D98DD676A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052199A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 15 52199a0-52199ac LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: d2e0076328860e022f0b76bb9e2bfd7e5ff66b9d1ba328cac29b28c997b49a15
                                            • Instruction ID: 7f66b4452c01b02eddf74e443c8c2e4e4fda7c66736ff079c2b511219d06cffa
                                            • Opcode Fuzzy Hash: d2e0076328860e022f0b76bb9e2bfd7e5ff66b9d1ba328cac29b28c997b49a15
                                            • Instruction Fuzzy Hash: D89002B635101452D10061694454B060015DBE1351FA1C015E5094554D8699CC537166
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 12 5219860-521986c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 185fc1fe7832b4ad79393fd3991a0c38511b1dc96f3a80a7a5954f821964f09c
                                            • Instruction ID: 04aa6701b368d2f82074feb5a0c1cefebc7d91a2dd2451925924ca93dfec7db7
                                            • Opcode Fuzzy Hash: 185fc1fe7832b4ad79393fd3991a0c38511b1dc96f3a80a7a5954f821964f09c
                                            • Instruction Fuzzy Hash: 5790027621101423D1116169454470700199BD0291FE1C412A4454558D96D68953B161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 11 5219840-521984c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 56e104fe7427963c7df6ff6537623e2aed142b892bc452d5d48f9057e8da9b0c
                                            • Instruction ID: a9c8b6aea76b602da45db4c8e37a53cbf9f21f7a67a6a92f3d864c887769b8e1
                                            • Opcode Fuzzy Hash: 56e104fe7427963c7df6ff6537623e2aed142b892bc452d5d48f9057e8da9b0c
                                            • Instruction Fuzzy Hash: 0F900276252051625545B16944445074016ABE02917E1C012A5444950C85A69857E661
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052198F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 13 52198f0-52198fc LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: f0ccd259ef5eac69ffde34a71ec53d5ebf3caa7672326de47bea477433bb64a0
                                            • Instruction ID: 9aa18d652f6569a23b2cb170b84da25f5b4c1e173a7deeae66c70317b411cb57
                                            • Opcode Fuzzy Hash: f0ccd259ef5eac69ffde34a71ec53d5ebf3caa7672326de47bea477433bb64a0
                                            • Instruction Fuzzy Hash: 4590027661101512D10171694444616001A9BD0291FE1C022A5054555ECAA58993B171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 17 5219a20-5219a2c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: c78501b488602e0aba926c63c0d54e664b32fcee7a69453a7a7e052a21d25984
                                            • Instruction ID: f43f0b8061e99781e47dd9fae6e70addee017952fb177d4536a73e55c9602021
                                            • Opcode Fuzzy Hash: c78501b488602e0aba926c63c0d54e664b32fcee7a69453a7a7e052a21d25984
                                            • Instruction Fuzzy Hash: 3A900276611010524140717988849064015BFE12617A1C121A49C8550D85D9886666A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 16 5219a00-5219a0c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 462ce7a042adf163a80e4c213bf7111276c7a6fff092829af38b08a72f8dbd20
                                            • Instruction ID: a2bc969af02a8cd05f933887d25a02a5fbe498adc2449c05b6565475d605f685
                                            • Opcode Fuzzy Hash: 462ce7a042adf163a80e4c213bf7111276c7a6fff092829af38b08a72f8dbd20
                                            • Instruction Fuzzy Hash: F290027621141412D1006169485470B00159BD0352FA1C011A5194555D86A5885275B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 30299f7a475a1cd9f7e02d19725c9388720c82c530313171e15eb4f6180f14f8
                                            • Instruction ID: 26ce1cbff89bf54cc4ca44c1d471ad04a116bd144172c4879b0b5a52ea6b7526
                                            • Opcode Fuzzy Hash: 30299f7a475a1cd9f7e02d19725c9388720c82c530313171e15eb4f6180f14f8
                                            • Instruction Fuzzy Hash: A690027622181052D20065794C54B0700159BD0353FA1C115A4184554CC99588626561
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0521967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 521967a-521967f 1 5219681-5219688 0->1 2 521968f-5219696 LdrInitializeThunk 0->2
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 064eabfbcb987d10e2dc0b0aac6ce2ab9b052ee790ca7ec780b416617b089e43
                                            • Instruction ID: 77c38526106a7e26e6d9e03918a8b3579c42274657e80cc0e220ea5a82e8961e
                                            • Opcode Fuzzy Hash: 064eabfbcb987d10e2dc0b0aac6ce2ab9b052ee790ca7ec780b416617b089e43
                                            • Instruction Fuzzy Hash: 6FB09B729115D5D5D611D7704608B2779517FD0751F66C061D6060641A4778C0D1F5B5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041FEA0 Relevance: .0, Instructions: 7COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.563591040.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 0041F000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_41f000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 94a00c52131884b54b70ebc8f2fd5bdbfb529a04d8c8330ff7a004be8e45f986
                                            • Instruction ID: 01b26b3b51a60279f15b736ec3c63860aeb374bd248f67378b47bd979e673b2f
                                            • Opcode Fuzzy Hash: 94a00c52131884b54b70ebc8f2fd5bdbfb529a04d8c8330ff7a004be8e45f986
                                            • Instruction Fuzzy Hash: BDA02220C8C30C03002030FA2F03033B30C888000CFC003EAAC0C0220A3C02A83200EB
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 0528B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                            Download Yara Rule
                                            Strings
                                            • an invalid address, %p, xrefs: 0528B4CF
                                            • <unknown>, xrefs: 0528B27E, 0528B2D1, 0528B350, 0528B399, 0528B417, 0528B48E
                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 0528B352
                                            • *** then kb to get the faulting stack, xrefs: 0528B51C
                                            • Go determine why that thread has not released the critical section., xrefs: 0528B3C5
                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0528B39B
                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0528B314
                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0528B2DC
                                            • *** An Access Violation occurred in %ws:%s, xrefs: 0528B48F
                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0528B305
                                            • The instruction at %p tried to %s , xrefs: 0528B4B6
                                            • The resource is owned exclusively by thread %p, xrefs: 0528B374
                                            • *** enter .cxr %p for the context, xrefs: 0528B50D
                                            • a NULL pointer, xrefs: 0528B4E0
                                            • *** enter .exr %p for the exception record, xrefs: 0528B4F1
                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0528B2F3
                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0528B323
                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0528B53F
                                            • The instruction at %p referenced memory at %p., xrefs: 0528B432
                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0528B3D6
                                            • The critical section is owned by thread %p., xrefs: 0528B3B9
                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0528B47D
                                            • *** Inpage error in %ws:%s, xrefs: 0528B418
                                            • read from, xrefs: 0528B4AD, 0528B4B2
                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0528B38F
                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0528B476
                                            • The resource is owned shared by %d threads, xrefs: 0528B37E
                                            • This failed because of error %Ix., xrefs: 0528B446
                                            • write to, xrefs: 0528B4A6
                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0528B484
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                            • API String ID: 0-108210295
                                            • Opcode ID: 733593124963849b31afd819180476d50cf474d8cb11547664772eaada2567df
                                            • Instruction ID: 7d4335d9f39dfbea4d436cb234f8c4974cb44d1e8ae50fb99fb35288d73ea185
                                            • Opcode Fuzzy Hash: 733593124963849b31afd819180476d50cf474d8cb11547664772eaada2567df
                                            • Instruction Fuzzy Hash: 0F812675B61200FFCB26AB449CDAD7B3F26EF56651F80009CF1082B291D3B68491D7B2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05291C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 44%
                                            			E05291C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x51b48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E051DB150();
				} else {
					E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x52c589c);
				E051DB150("Heap error detected at %p (heap handle %p)\n",  *0x52c58a0);
				_t27 =  *0x52c5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M05291E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E051DB150();
				} else {
					E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E051DB150("Error code: %d - %s\n",  *0x52c5898);
				_t113 =  *0x52c58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E051DB150();
					} else {
						E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E051DB150("Parameter1: %p\n",  *0x52c58a4);
				}
				_t115 =  *0x52c58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E051DB150();
					} else {
						E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E051DB150("Parameter2: %p\n",  *0x52c58a8);
				}
				_t117 =  *0x52c58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E051DB150();
					} else {
						E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E051DB150("Parameter3: %p\n",  *0x52c58ac);
				}
				_t119 =  *0x52c58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E051DB150();
					} else {
						E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x52c58b4);
					E051DB150("Last known valid blocks: before - %p, after - %p\n",  *0x52c58b0);
				} else {
					_t120 =  *0x52c58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E051DB150();
				} else {
					E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E051DB150("Stack trace available at %p\n", 0x52c58c0);
			}











                                            0x05291c10
                                            0x05291c16
                                            0x05291c1e
                                            0x05291c3d
                                            0x05291c3e
                                            0x05291c20
                                            0x05291c35
                                            0x05291c3a
                                            0x05291c44
                                            0x05291c55
                                            0x05291c5a
                                            0x05291c65
                                            0x05291c67
                                            0x00000000
                                            0x05291c6e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05291c67
                                            0x05291cdc
                                            0x05291ce5
                                            0x05291d04
                                            0x05291d05
                                            0x05291ce7
                                            0x05291cfc
                                            0x05291d01
                                            0x05291d0b
                                            0x05291d17
                                            0x05291d1f
                                            0x05291d25
                                            0x05291d30
                                            0x05291d4f
                                            0x05291d50
                                            0x05291d32
                                            0x05291d47
                                            0x05291d4c
                                            0x05291d61
                                            0x05291d67
                                            0x05291d68
                                            0x05291d6e
                                            0x05291d79
                                            0x05291d98
                                            0x05291d99
                                            0x05291d7b
                                            0x05291d90
                                            0x05291d95
                                            0x05291daa
                                            0x05291db0
                                            0x05291db1
                                            0x05291db7
                                            0x05291dc2
                                            0x05291de1
                                            0x05291de2
                                            0x05291dc4
                                            0x05291dd9
                                            0x05291dde
                                            0x05291df3
                                            0x05291df9
                                            0x05291dfa
                                            0x05291e00
                                            0x05291e0a
                                            0x05291e13
                                            0x05291e32
                                            0x05291e33
                                            0x05291e15
                                            0x05291e2a
                                            0x05291e2f
                                            0x05291e39
                                            0x05291e4a
                                            0x05291e02
                                            0x05291e02
                                            0x05291e08
                                            0x00000000
                                            0x00000000
                                            0x05291e08
                                            0x05291e5b
                                            0x05291e7a
                                            0x05291e7b
                                            0x05291e5d
                                            0x05291e72
                                            0x05291e77
                                            0x05291e95

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                            • API String ID: 0-2897834094
                                            • Opcode ID: fcb0ca744b44b91cc3c66cd8de7d5a2e9f27f7db5381082fbed98fd8de3b58cd
                                            • Instruction ID: af19f6662ce6882704f2fa6ecc5148a1494d82a776876a3643dc7e769d6de76f
                                            • Opcode Fuzzy Hash: fcb0ca744b44b91cc3c66cd8de7d5a2e9f27f7db5381082fbed98fd8de3b58cd
                                            • Instruction Fuzzy Hash: 0061E537639543CFCA06D745E549921BBF9EF00921B0981ADF40E6B342C775B890CE6A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051E3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E051E3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E051E1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E051E1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E051E1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E051E1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E051E1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L051F4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0521F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E05221370(_t276, 0x51b4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0521BB40(0,  &_v68, _t170);
									if(L051E43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0521BB40(_t257,  &_v68, _t243);
								if(L051E43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E05221370(_t278, 0x51b4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L051F4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0521F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E05221370(_v16, 0x51b4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0521BB40(_t262,  &_v68, _t244);
								if(L051E43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E05221370(_t282, 0x51b4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0521BB40(_t262,  &_v68, _t201);
							if(L051E43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L051F4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0521F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E05221370(_t280, 0x51b4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0521BB40(_t267,  &_v68, _t245);
							if(L051E43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E05221370(_t284, 0x51b4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0521BB40(_t267,  &_v68, _t224);
						if(L051E43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                            0x051e3d3c
                                            0x051e3d42
                                            0x051e3d44
                                            0x051e3d46
                                            0x051e3d49
                                            0x051e3d4c
                                            0x051e3d4f
                                            0x051e3d52
                                            0x051e3d55
                                            0x051e3d58
                                            0x051e3d5b
                                            0x051e3d5f
                                            0x051e3d61
                                            0x051e3d66
                                            0x05238213
                                            0x05238218
                                            0x051e4085
                                            0x051e4088
                                            0x051e408e
                                            0x051e4094
                                            0x051e409a
                                            0x051e40a0
                                            0x051e40a6
                                            0x051e40a9
                                            0x051e40af
                                            0x051e40b6
                                            0x051e40bd
                                            0x051e40bd
                                            0x051e3d83
                                            0x0523821f
                                            0x05238229
                                            0x05238238
                                            0x05238238
                                            0x0523823d
                                            0x0523823d
                                            0x051e3da0
                                            0x051e3daf
                                            0x051e3db5
                                            0x051e3dba
                                            0x051e3dba
                                            0x051e3dd4
                                            0x051e3e94
                                            0x051e3eab
                                            0x051e3f6d
                                            0x051e3f84
                                            0x051e406b
                                            0x051e406b
                                            0x051e406e
                                            0x051e406e
                                            0x051e4070
                                            0x051e4074
                                            0x05238351
                                            0x05238351
                                            0x051e407a
                                            0x051e407f
                                            0x0523835d
                                            0x05238370
                                            0x05238377
                                            0x05238379
                                            0x0523837c
                                            0x0523837c
                                            0x0523835d
                                            0x00000000
                                            0x051e407f
                                            0x051e3f8a
                                            0x051e3f8d
                                            0x051e3f90
                                            0x051e3f95
                                            0x0523830d
                                            0x0523830f
                                            0x051e3f9b
                                            0x051e3fac
                                            0x051e3fae
                                            0x051e3fb1
                                            0x051e3fb1
                                            0x051e3fb6
                                            0x05238317
                                            0x0523831a
                                            0x00000000
                                            0x051e3fbc
                                            0x051e3fc1
                                            0x051e3fc9
                                            0x051e3fd7
                                            0x051e3fda
                                            0x051e3fdd
                                            0x051e4021
                                            0x051e4021
                                            0x051e4029
                                            0x051e4030
                                            0x051e4044
                                            0x051e4046
                                            0x051e4046
                                            0x051e4044
                                            0x051e4049
                                            0x05238327
                                            0x05238334
                                            0x05238339
                                            0x0523833c
                                            0x051e404f
                                            0x051e404f
                                            0x051e404f
                                            0x051e4051
                                            0x051e4056
                                            0x051e4063
                                            0x051e4063
                                            0x051e4068
                                            0x00000000
                                            0x051e4068
                                            0x051e3fdf
                                            0x051e3fe2
                                            0x051e3fe4
                                            0x051e3fe7
                                            0x051e3fef
                                            0x051e4003
                                            0x051e4005
                                            0x051e4005
                                            0x051e400c
                                            0x051e4013
                                            0x051e4016
                                            0x051e4017
                                            0x051e401b
                                            0x051e401e
                                            0x00000000
                                            0x051e401e
                                            0x051e3fb6
                                            0x051e3eb1
                                            0x051e3eb4
                                            0x051e3eb7
                                            0x051e3ebc
                                            0x052382a9
                                            0x052382ab
                                            0x051e3ec2
                                            0x051e3ed3
                                            0x051e3ed5
                                            0x051e3ed8
                                            0x051e3ed8
                                            0x051e3edd
                                            0x052382b3
                                            0x052382b6
                                            0x00000000
                                            0x051e3ee3
                                            0x051e3ee8
                                            0x051e3eed
                                            0x051e3ef0
                                            0x051e3ef3
                                            0x051e3f02
                                            0x051e3f05
                                            0x051e3f08
                                            0x052382c0
                                            0x052382c3
                                            0x052382c5
                                            0x052382c8
                                            0x052382d0
                                            0x052382e4
                                            0x052382e6
                                            0x052382e6
                                            0x052382ed
                                            0x052382f4
                                            0x052382f7
                                            0x052382f8
                                            0x052382fc
                                            0x052382ff
                                            0x052382ff
                                            0x051e3f0e
                                            0x051e3f11
                                            0x051e3f16
                                            0x051e3f1d
                                            0x051e3f31
                                            0x05238307
                                            0x05238307
                                            0x051e3f31
                                            0x051e3f39
                                            0x051e3f48
                                            0x051e3f4d
                                            0x051e3f50
                                            0x051e3f50
                                            0x051e3f53
                                            0x051e3f58
                                            0x051e3f65
                                            0x051e3f65
                                            0x051e3f6a
                                            0x00000000
                                            0x051e3f6a
                                            0x051e3edd
                                            0x051e3dda
                                            0x051e3ddd
                                            0x051e3de0
                                            0x051e3de5
                                            0x05238245
                                            0x051e3deb
                                            0x051e3df7
                                            0x051e3dfc
                                            0x051e3dfe
                                            0x051e3e01
                                            0x051e3e01
                                            0x051e3e06
                                            0x0523824d
                                            0x0523824f
                                            0x05238254
                                            0x00000000
                                            0x051e3e0c
                                            0x051e3e11
                                            0x051e3e16
                                            0x051e3e19
                                            0x051e3e29
                                            0x051e3e2c
                                            0x051e3e2f
                                            0x0523825c
                                            0x0523825f
                                            0x05238261
                                            0x05238264
                                            0x0523826c
                                            0x05238280
                                            0x05238282
                                            0x05238282
                                            0x05238289
                                            0x05238290
                                            0x05238293
                                            0x05238294
                                            0x05238298
                                            0x0523829b
                                            0x0523829b
                                            0x051e3e35
                                            0x051e3e38
                                            0x051e3e3d
                                            0x051e3e44
                                            0x051e3e58
                                            0x052382a3
                                            0x052382a3
                                            0x051e3e58
                                            0x051e3e60
                                            0x051e3e6f
                                            0x051e3e74
                                            0x051e3e77
                                            0x051e3e77
                                            0x051e3e7a
                                            0x051e3e7f
                                            0x051e3e8c
                                            0x051e3e8c
                                            0x051e3e91
                                            0x00000000
                                            0x051e3e91

                                            Strings
                                            • WindowsExcludedProcs, xrefs: 051E3D6F
                                            • Kernel-MUI-Language-Disallowed, xrefs: 051E3E97
                                            • Kernel-MUI-Number-Allowed, xrefs: 051E3D8C
                                            • Kernel-MUI-Language-SKU, xrefs: 051E3F70
                                            • Kernel-MUI-Language-Allowed, xrefs: 051E3DC0
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                            • API String ID: 0-258546922
                                            • Opcode ID: 27f60cec21abccbdba0951ebee9f07cfbb6d83f0a54315d404dea60586012405
                                            • Instruction ID: 6258b5d0e16adc0533dd5494c8be137bb9f3853e369ccaba3719d79c15f22491
                                            • Opcode Fuzzy Hash: 27f60cec21abccbdba0951ebee9f07cfbb6d83f0a54315d404dea60586012405
                                            • Instruction Fuzzy Hash: 88F19F72E10619EFCF15DF98C984EEEB7B9FF48650F15006AE905A7211E774AE01CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051D40E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 29%
                                            			E051D40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E051DB150();
					} else {
						E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E051DB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E051DB150(", passed to %s", _t29);
					}
					_push("\n");
					E051DB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x52c6378 = 1;
						asm("int3");
						 *0x52c6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                            0x051d40e6
                                            0x051d40e8
                                            0x051d40f1
                                            0x0523042d
                                            0x0523044c
                                            0x05230451
                                            0x0523042f
                                            0x05230444
                                            0x05230449
                                            0x0523045d
                                            0x05230466
                                            0x0523046e
                                            0x05230474
                                            0x05230475
                                            0x0523047a
                                            0x0523048a
                                            0x0523048c
                                            0x05230493
                                            0x05230494
                                            0x05230494
                                            0x00000000
                                            0x0523049b
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                            • API String ID: 0-188067316
                                            • Opcode ID: a0cd23dd515a6bf4448b149522bfd978d420bcdafbb507f016b38f89f93fbeba
                                            • Instruction ID: 2f426f50250638705e2a29c19c12d05a65c65a23263880ca24198dd10b1c49c3
                                            • Opcode Fuzzy Hash: a0cd23dd515a6bf4448b149522bfd978d420bcdafbb507f016b38f89f93fbeba
                                            • Instruction Fuzzy Hash: C601D8723282419EE3299768B55EF96BBF4EF41F30F2A806DF10A47682CBF4A440D535
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051FA830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E051FA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x52c8748 - 1;
					if( *0x52c8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E051DB150();
									_t260 = _t257 + 4;
								} else {
									E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E051DB150();
								_t257 = _t260 + 4;
								__eflags =  *0x52c7bc8;
								if(__eflags == 0) {
									E05292073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0529A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E0522D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E051FAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0529A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0529A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x52c8748 - 1;
					if( *0x52c8748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E051DB150();
							} else {
								E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E051DB150();
							__eflags =  *0x52c7bc8;
							if(__eflags == 0) {
								_t131 = E05292073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                            0x051fa83a
                                            0x051fa83c
                                            0x051fa83e
                                            0x051fa841
                                            0x051fa844
                                            0x051fa84a
                                            0x051faa53
                                            0x051faa59
                                            0x051faa59
                                            0x051fa858
                                            0x051fa85e
                                            0x051faaf5
                                            0x051faafc
                                            0x0524229e
                                            0x052422a2
                                            0x052422a8
                                            0x052422b3
                                            0x052422b5
                                            0x052422bb
                                            0x052422c1
                                            0x052422c5
                                            0x052422e6
                                            0x052422eb
                                            0x052422f0
                                            0x052422c7
                                            0x052422dc
                                            0x052422e1
                                            0x052422e1
                                            0x052422f3
                                            0x052422f8
                                            0x052422fd
                                            0x05242300
                                            0x05242307
                                            0x0524230e
                                            0x0524230e
                                            0x05242313
                                            0x05242313
                                            0x052422b5
                                            0x052422a2
                                            0x051faafc
                                            0x051fa864
                                            0x051fa869
                                            0x051faa5c
                                            0x051faa5e
                                            0x051fa86f
                                            0x051fa87f
                                            0x051fa885
                                            0x051fa885
                                            0x051fa88b
                                            0x051fa890
                                            0x051fa896
                                            0x051fab0c
                                            0x051fab0f
                                            0x051fab15
                                            0x05242320
                                            0x05242320
                                            0x051fab1b
                                            0x051fa89c
                                            0x051fa89f
                                            0x051fa8a2
                                            0x051fa8a2
                                            0x051fa8a5
                                            0x051fa8af
                                            0x051fa8b3
                                            0x051fa8b8
                                            0x051faa66
                                            0x051fa8be
                                            0x051fa8c5
                                            0x051fa8c6
                                            0x051fa8ce
                                            0x05242328
                                            0x05242332
                                            0x05242337
                                            0x05242337
                                            0x051fa8ce
                                            0x051fa8d4
                                            0x051fa8d8
                                            0x051fa8db
                                            0x051fa8de
                                            0x051fa8e1
                                            0x051fa8e5
                                            0x051fa8e8
                                            0x051fa8f0
                                            0x051fa8f3
                                            0x0524234c
                                            0x05242350
                                            0x05242355
                                            0x05242359
                                            0x05242359
                                            0x051fa8f9
                                            0x051fa901
                                            0x051faae4
                                            0x051faae4
                                            0x051faaea
                                            0x00000000
                                            0x051fa907
                                            0x051fa90a
                                            0x051fa91d
                                            0x051fa91d
                                            0x00000000
                                            0x051fa910
                                            0x051fa910
                                            0x051fa910
                                            0x051fa914
                                            0x051fa924
                                            0x051fa924
                                            0x051fa924
                                            0x051fa924
                                            0x051fa916
                                            0x051fa91b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051fa91b
                                            0x051fa925
                                            0x051fa925
                                            0x051fa932
                                            0x051fa936
                                            0x051fa93c
                                            0x051fa93c
                                            0x051fa93c
                                            0x051fab22
                                            0x051fab24
                                            0x051fab27
                                            0x051fab27
                                            0x051fa942
                                            0x051fa944
                                            0x051faaba
                                            0x051faabd
                                            0x051faac0
                                            0x051faac0
                                            0x051faac2
                                            0x051fab2f
                                            0x051faac4
                                            0x051faac4
                                            0x051faac7
                                            0x051faaca
                                            0x051faacc
                                            0x051faace
                                            0x051faace
                                            0x051faace
                                            0x051faad1
                                            0x051faad1
                                            0x051faad7
                                            0x051faad9
                                            0x00000000
                                            0x00000000
                                            0x05242361
                                            0x05242369
                                            0x0524236b
                                            0x00000000
                                            0x05242371
                                            0x00000000
                                            0x05242371
                                            0x00000000
                                            0x0524236b
                                            0x051faac0
                                            0x051fa94a
                                            0x051fa94a
                                            0x051fa94d
                                            0x051fa94d
                                            0x051fa950
                                            0x051fa954
                                            0x05242376
                                            0x05242380
                                            0x051fa95a
                                            0x051fa95a
                                            0x051fa95c
                                            0x051fa95f
                                            0x051fa961
                                            0x051fa961
                                            0x051fa967
                                            0x051fa96a
                                            0x051fa972
                                            0x051faa02
                                            0x051faa06
                                            0x051faa10
                                            0x051faa16
                                            0x051faa16
                                            0x051faa1b
                                            0x051faa21
                                            0x051faa24
                                            0x051faa27
                                            0x051faa29
                                            0x051faa2c
                                            0x051faa32
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051fa978
                                            0x051fa978
                                            0x051fa97b
                                            0x051fa981
                                            0x051fa996
                                            0x051fa998
                                            0x051fa99f
                                            0x051fa9a2
                                            0x0524238a
                                            0x051fa9a8
                                            0x051fa9a8
                                            0x051fa9a8
                                            0x051fa9aa
                                            0x051fa9ad
                                            0x051fa9b0
                                            0x051fa9bb
                                            0x051fa9be
                                            0x051fa9c7
                                            0x051fa9c9
                                            0x051fa9c9
                                            0x051fa9cc
                                            0x051fa9d1
                                            0x051faa6d
                                            0x051faa70
                                            0x051faa73
                                            0x051faa75
                                            0x051faa79
                                            0x051faa7e
                                            0x051faa82
                                            0x051faa8f
                                            0x051faa94
                                            0x051faa96
                                            0x05242392
                                            0x052423a1
                                            0x052423a1
                                            0x051faa9c
                                            0x051faa9f
                                            0x051faaa2
                                            0x051faaa2
                                            0x051faaa8
                                            0x051faaab
                                            0x051faaaf
                                            0x00000000
                                            0x051faab5
                                            0x00000000
                                            0x051faab5
                                            0x051fa9d7
                                            0x051fa9d7
                                            0x051fa9da
                                            0x051fa9e0
                                            0x051fa9e3
                                            0x051fa9e6
                                            0x051fa9e9
                                            0x051fa9eb
                                            0x051fa9fd
                                            0x051fa9fd
                                            0x00000000
                                            0x051fa9eb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051fa983
                                            0x051fa983
                                            0x051fa983
                                            0x051fa987
                                            0x051fa995
                                            0x051fa995
                                            0x051fa995
                                            0x051fa995
                                            0x051fa989
                                            0x051fa98e
                                            0x00000000
                                            0x051fa990
                                            0x00000000
                                            0x051fa990
                                            0x051fa98e
                                            0x00000000
                                            0x051fa983
                                            0x051fa972
                                            0x051fa90a
                                            0x051faa34
                                            0x051faa34
                                            0x051faa40
                                            0x051faa43
                                            0x051faa46
                                            0x051faa4d
                                            0x052423ab
                                            0x052423b2
                                            0x052423b8
                                            0x052423be
                                            0x052423c3
                                            0x052423c5
                                            0x052423cb
                                            0x052423d1
                                            0x052423d5
                                            0x052423f6
                                            0x052423fb
                                            0x052423d7
                                            0x052423ec
                                            0x052423f1
                                            0x05242403
                                            0x05242408
                                            0x05242410
                                            0x05242417
                                            0x05242422
                                            0x05242422
                                            0x05242417
                                            0x052423c5
                                            0x052423b2
                                            0x00000000

                                            Strings
                                            • HEAP: , xrefs: 052422E6, 052423F6
                                            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 052422F3
                                            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 05242403
                                            • HEAP[%wZ]: , xrefs: 052422D7, 052423E7
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                            • API String ID: 0-1657114761
                                            • Opcode ID: 7bbf05cb0c5cfc2ac99f1e4892734d90575a5da00b0c2b12b82d34c53a20632e
                                            • Instruction ID: 3af4dc9183acbc338dc7e2c7f4d8829e0ab1187b58269b98e13702025c8fd844
                                            • Opcode Fuzzy Hash: 7bbf05cb0c5cfc2ac99f1e4892734d90575a5da00b0c2b12b82d34c53a20632e
                                            • Instruction Fuzzy Hash: 89D1E374614646DFDB28CF68C490BBAB7F2FF48300F158169E95A9B341E338E945CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051FA229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 69%
                                            			E051FA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E051FDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E05219730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0529A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E05219660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E051DB150();
					} else {
						E051DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E051DB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E051F7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0529138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E051F7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E051F7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E05291582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E051F7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E051F7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E05291582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E0522D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                            0x051fa229
                                            0x051fa231
                                            0x051fa23f
                                            0x051fa242
                                            0x051fa244
                                            0x051fa24c
                                            0x051fa255
                                            0x051fa25a
                                            0x051fa25f
                                            0x05241c76
                                            0x05241c78
                                            0x05241c7e
                                            0x05241c7f
                                            0x05241c81
                                            0x05241c82
                                            0x05241c84
                                            0x05241c89
                                            0x05241c8b
                                            0x05241c9e
                                            0x05241c9e
                                            0x05241cab
                                            0x05241cb2
                                            0x00000000
                                            0x05241cb2
                                            0x05241c8d
                                            0x05241c92
                                            0x00000000
                                            0x00000000
                                            0x05241c94
                                            0x05241c98
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05241c98
                                            0x051fa265
                                            0x051fa265
                                            0x051fa266
                                            0x051fa26f
                                            0x051fa270
                                            0x051fa276
                                            0x051fa277
                                            0x051fa279
                                            0x051fa27e
                                            0x051fa282
                                            0x05241db5
                                            0x05241dbb
                                            0x05241dc1
                                            0x05241dc5
                                            0x05241de4
                                            0x05241de9
                                            0x05241dc7
                                            0x05241ddc
                                            0x05241de1
                                            0x05241def
                                            0x05241df3
                                            0x05241df7
                                            0x05241dfe
                                            0x05241e06
                                            0x051fa302
                                            0x051fa308
                                            0x051fa308
                                            0x051fa288
                                            0x051fa28d
                                            0x051fa294
                                            0x05241cc1
                                            0x051fa29a
                                            0x051fa29a
                                            0x051fa29a
                                            0x051fa29f
                                            0x05241ccb
                                            0x05241cd1
                                            0x05241cd8
                                            0x05241cea
                                            0x05241cea
                                            0x05241cd8
                                            0x051fa2a9
                                            0x051fa2af
                                            0x051fa2bc
                                            0x05241cfd
                                            0x051fa2c2
                                            0x051fa2c2
                                            0x051fa2c2
                                            0x051fa2c7
                                            0x05241d07
                                            0x05241d0d
                                            0x05241d14
                                            0x05241d1f
                                            0x05241d21
                                            0x05241d2c
                                            0x05241d2c
                                            0x05241d2c
                                            0x05241d47
                                            0x05241d47
                                            0x05241d14
                                            0x051fa2cd
                                            0x051fa2d2
                                            0x051fa2d9
                                            0x05241d5a
                                            0x051fa2df
                                            0x051fa2df
                                            0x051fa2df
                                            0x051fa2e4
                                            0x05241d69
                                            0x05241d6b
                                            0x05241d76
                                            0x05241d76
                                            0x05241d76
                                            0x05241d91
                                            0x05241d91
                                            0x051fa2ea
                                            0x051fa2f0
                                            0x051fa2f5
                                            0x05241da8
                                            0x05241dad
                                            0x05241dad
                                            0x051fa2fd
                                            0x051fa300
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                            • API String ID: 2994545307-2586055223
                                            • Opcode ID: 11ea230d06407763bdae9ce6dc42f95e480d338d3c6e8a40ac7f0f58c067a21f
                                            • Instruction ID: 712a5b21d0e79186e9fdb89a404b79b9c8627a4cfe64f03c3ee8dd2adf5e768c
                                            • Opcode Fuzzy Hash: 11ea230d06407763bdae9ce6dc42f95e480d338d3c6e8a40ac7f0f58c067a21f
                                            • Instruction Fuzzy Hash: 7151F4723146819FD726DB68C848F7B77E9FF80750F090468F65A8B291D774D890CB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05208E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 44%
                                            			E05208E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x52cd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x52c8464; // 0x77010110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x52c5780 & 0x00000003) != 0) {
							E05255510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x52c5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0521B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x52c7984; // 0x902c00
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x52c8464; // 0x77010110
					 *0x52cb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E05209B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x52c5780 & 0x00000005) != 0) {
						_push(_t49);
						E05255510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                            0x05208e0f
                                            0x05208e16
                                            0x05208e19
                                            0x05208e1b
                                            0x05208e21
                                            0x05208e7f
                                            0x05208e85
                                            0x05249354
                                            0x0524936c
                                            0x05249371
                                            0x0524937b
                                            0x05249381
                                            0x05249381
                                            0x0524937b
                                            0x05208e9d
                                            0x05208e9d
                                            0x05208e29
                                            0x05208e2c
                                            0x05208e38
                                            0x05208e3e
                                            0x05208e43
                                            0x05208eb5
                                            0x05208eb9
                                            0x052492aa
                                            0x052492af
                                            0x052492e8
                                            0x052492e8
                                            0x052492af
                                            0x05208eb9
                                            0x05208e45
                                            0x05208e53
                                            0x05208e5b
                                            0x05208e5f
                                            0x05208e78
                                            0x05208e78
                                            0x05208e7d
                                            0x05208ec3
                                            0x05208ecd
                                            0x05208ed2
                                            0x05208ed2
                                            0x05208ec5
                                            0x05208ec5
                                            0x00000000
                                            0x05208e7d
                                            0x05208e67
                                            0x05208ea4
                                            0x0524931a
                                            0x00000000
                                            0x00000000
                                            0x05249320
                                            0x05208ea4
                                            0x05208e70
                                            0x05249325
                                            0x05249340
                                            0x05249345
                                            0x05249345
                                            0x05208e76
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Strings
                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 05249357
                                            • LdrpFindDllActivationContext, xrefs: 05249331, 0524935D
                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0524932A
                                            • minkernel\ntdll\ldrsnap.c, xrefs: 0524933B, 05249367
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                            • API String ID: 0-3779518884
                                            • Opcode ID: 3d8d12bfb4b709903a123b5f6d41b7ca597c8b8a06d1424dff65871891a3e759
                                            • Instruction ID: e4488b6c1bab1f5172391f4d7c40e20be49d65d48fcb6915e9011103ff309441
                                            • Opcode Fuzzy Hash: 3d8d12bfb4b709903a123b5f6d41b7ca597c8b8a06d1424dff65871891a3e759
                                            • Instruction Fuzzy Hash: F3414A31A323129FDB35AB04888DE777BB6BF04254F056169F90D571D3EBB0ADC08681
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052949A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                            • API String ID: 2994545307-336120773
                                            • Opcode ID: 39756c61c8504bc11c710c72e66075b6e13faa105a38211580183616b7503c45
                                            • Instruction ID: b6789d272035d1851ebe6a70e3018429b408cb79105b90033ca48cc95630d7fc
                                            • Opcode Fuzzy Hash: 39756c61c8504bc11c710c72e66075b6e13faa105a38211580183616b7503c45
                                            • Instruction Fuzzy Hash: CB310531224111FFDF14EB58C8A9F67B3E9FF04620F254559F40ADB391E7B0A941CAAA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051E8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 83%
                                            			E051E8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E051E934A() != 0) {
								_t159 = E0525A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x52c5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E05255510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x52c5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E051E849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E051E8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E051E8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x52c5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x52c5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E051F2280(_t92, 0x52c86cc);
															_t94 = E052A9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E052061A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x52c5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E051E8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x52c5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x52c5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0521F380(_t136, 0x51b1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E051F2280(_t108, 0x52c86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E052061A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E052A9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E051EFFB0(_t118, _t156, 0x52c86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E05219A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                            0x051e8799
                                            0x051e879d
                                            0x051e87a1
                                            0x051e87a3
                                            0x051e87a8
                                            0x051e87c3
                                            0x051e87c3
                                            0x051e87c8
                                            0x051e87d1
                                            0x051e87d4
                                            0x051e87d8
                                            0x051e87e5
                                            0x051e87ec
                                            0x05239bfe
                                            0x05239c00
                                            0x05239c02
                                            0x05239c08
                                            0x05239c0d
                                            0x05239c0f
                                            0x05239c14
                                            0x05239c2d
                                            0x05239c32
                                            0x05239c37
                                            0x05239c3a
                                            0x05239c3c
                                            0x05239c42
                                            0x05239c42
                                            0x05239c3c
                                            0x05239c02
                                            0x051e87da
                                            0x051e87df
                                            0x051e87e3
                                            0x00000000
                                            0x00000000
                                            0x051e87e3
                                            0x051e87f2
                                            0x00000000
                                            0x051e87fb
                                            0x051e87fd
                                            0x051e87fe
                                            0x051e880e
                                            0x051e880f
                                            0x051e8810
                                            0x051e8814
                                            0x051e881a
                                            0x051e881c
                                            0x051e881f
                                            0x051e8821
                                            0x051e8822
                                            0x051e8824
                                            0x051e8826
                                            0x051e882c
                                            0x051e882e
                                            0x05239c48
                                            0x05239c48
                                            0x051e8834
                                            0x051e8834
                                            0x051e8837
                                            0x00000000
                                            0x00000000
                                            0x051e8837
                                            0x051e882e
                                            0x051e883d
                                            0x051e8840
                                            0x051e8843
                                            0x051e8846
                                            0x051e8849
                                            0x051e884c
                                            0x051e884e
                                            0x051e8850
                                            0x051e8852
                                            0x051e8854
                                            0x051e8857
                                            0x051e88b4
                                            0x051e88b6
                                            0x051e88b6
                                            0x051e8859
                                            0x051e8859
                                            0x051e8859
                                            0x051e8861
                                            0x051e8866
                                            0x051e886a
                                            0x051e893d
                                            0x051e8941
                                            0x00000000
                                            0x051e8947
                                            0x051e8947
                                            0x051e894a
                                            0x051e894c
                                            0x00000000
                                            0x051e8952
                                            0x051e8955
                                            0x051e895a
                                            0x051e895d
                                            0x051e895d
                                            0x051e895f
                                            0x051e8961
                                            0x051e8961
                                            0x051e8968
                                            0x00000000
                                            0x00000000
                                            0x051e896a
                                            0x051e896b
                                            0x051e896e
                                            0x00000000
                                            0x051e8970
                                            0x051e8970
                                            0x051e8970
                                            0x051e8970
                                            0x051e8972
                                            0x051e8972
                                            0x051e8974
                                            0x00000000
                                            0x051e897a
                                            0x051e897a
                                            0x051e897d
                                            0x00000000
                                            0x051e8983
                                            0x05239c65
                                            0x05239c6d
                                            0x05239c72
                                            0x05239c75
                                            0x05239c75
                                            0x05239c82
                                            0x05239c86
                                            0x05239c87
                                            0x05239c88
                                            0x05239c89
                                            0x05239c8c
                                            0x05239c90
                                            0x05239c95
                                            0x05239c97
                                            0x05239ca0
                                            0x05239ca3
                                            0x05239ca9
                                            0x05239ca9
                                            0x00000000
                                            0x05239ca9
                                            0x05239ca3
                                            0x00000000
                                            0x05239c97
                                            0x051e897d
                                            0x00000000
                                            0x051e8974
                                            0x051e8988
                                            0x051e8992
                                            0x051e8996
                                            0x00000000
                                            0x051e8996
                                            0x051e894c
                                            0x00000000
                                            0x051e8870
                                            0x051e887b
                                            0x051e887d
                                            0x051e887f
                                            0x051e8881
                                            0x051e8884
                                            0x051e8884
                                            0x051e8886
                                            0x051e8889
                                            0x051e888c
                                            0x051e888e
                                            0x051e8891
                                            0x051e8891
                                            0x051e8898
                                            0x00000000
                                            0x00000000
                                            0x051e889a
                                            0x051e889b
                                            0x051e889e
                                            0x00000000
                                            0x00000000
                                            0x051e88a0
                                            0x051e88a8
                                            0x051e88b0
                                            0x051e88b2
                                            0x051e88d3
                                            0x051e88d5
                                            0x00000000
                                            0x051e88d7
                                            0x051e88db
                                            0x051e88dc
                                            0x051e88e0
                                            0x051e88e8
                                            0x051e88ee
                                            0x051e88f0
                                            0x051e88f3
                                            0x051e88fc
                                            0x051e8901
                                            0x051e8906
                                            0x051e890c
                                            0x051e890c
                                            0x051e890f
                                            0x051e8916
                                            0x051e8917
                                            0x051e8918
                                            0x051e8919
                                            0x051e891a
                                            0x051e891f
                                            0x051e8921
                                            0x05239c52
                                            0x05239c55
                                            0x05239c5b
                                            0x05239cac
                                            0x05239cc0
                                            0x05239cc0
                                            0x05239c55
                                            0x051e8927
                                            0x051e8927
                                            0x051e892f
                                            0x051e8933
                                            0x00000000
                                            0x051e88f5
                                            0x051e88f5
                                            0x00000000
                                            0x051e88f7
                                            0x051e88f7
                                            0x051e88fa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051e88fa
                                            0x051e88f5
                                            0x051e88f3
                                            0x00000000
                                            0x051e88d5
                                            0x00000000
                                            0x051e88b2
                                            0x051e88c9
                                            0x00000000
                                            0x051e88c9
                                            0x051e887f
                                            0x051e886a
                                            0x051e8857
                                            0x051e8852
                                            0x051e88bf
                                            0x051e88bf
                                            0x051e87aa
                                            0x051e87ad
                                            0x051e87ae
                                            0x051e87b4
                                            0x051e87b5
                                            0x051e87b6
                                            0x051e87b8
                                            0x051e87bd
                                            0x051e87c1
                                            0x051e87f4
                                            0x051e87fa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051e87c1
                                            0x00000000

                                            Strings
                                            • LdrpDoPostSnapWork, xrefs: 05239C1E
                                            • minkernel\ntdll\ldrsnap.c, xrefs: 05239C28
                                            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 05239C18
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                            • API String ID: 2994545307-1948996284
                                            • Opcode ID: 7def4a9accda1dcd3fc97cc7d52ebd34184fc74298fea633dfdb5769add9e829
                                            • Instruction ID: c52d3383c1c409df4496d66a6faa682f556b59a654e8b90add7778008704c14f
                                            • Opcode Fuzzy Hash: 7def4a9accda1dcd3fc97cc7d52ebd34184fc74298fea633dfdb5769add9e829
                                            • Instruction Fuzzy Hash: 5C910172B10A06AFDB18DF58C885EBAB7B6FF84300F154169ED06AB251DB70ED41CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051E7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E051E7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E051ECEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E051DC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x52c5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E05255510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x52c5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E051F7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E051F7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E05257016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E051F7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E051F7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E05257016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0520A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E051DB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                            0x051e7e4c
                                            0x051e7e50
                                            0x051e7e55
                                            0x051e7e58
                                            0x051e7e5d
                                            0x051e7e71
                                            0x051e7f33
                                            0x051e7e77
                                            0x051e7e77
                                            0x051e7e79
                                            0x051e7e79
                                            0x051e7e7e
                                            0x051e7f45
                                            0x05239848
                                            0x00000000
                                            0x05239848
                                            0x051e7f4e
                                            0x051e7f53
                                            0x051e7f5a
                                            0x00000000
                                            0x00000000
                                            0x0523985a
                                            0x05239862
                                            0x05239866
                                            0x00000000
                                            0x0523986c
                                            0x00000000
                                            0x0523986c
                                            0x051e7e84
                                            0x051e7e84
                                            0x051e7e8d
                                            0x05239871
                                            0x051e7eb8
                                            0x051e7ec0
                                            0x051e7ec0
                                            0x051e7e9a
                                            0x0523987e
                                            0x00000000
                                            0x00000000
                                            0x05239884
                                            0x0523988b
                                            0x052398a7
                                            0x052398ac
                                            0x052398b1
                                            0x052398b6
                                            0x052398b8
                                            0x052398b8
                                            0x052398b9
                                            0x00000000
                                            0x052398b9
                                            0x051e7ea0
                                            0x051e7ea7
                                            0x00000000
                                            0x00000000
                                            0x051e7eac
                                            0x051e7eb1
                                            0x051e7ec6
                                            0x051e7ed0
                                            0x052398cc
                                            0x051e7ed6
                                            0x051e7ed6
                                            0x051e7ed6
                                            0x051e7ede
                                            0x051e7ee3
                                            0x052398e3
                                            0x052398f0
                                            0x05239902
                                            0x052398f2
                                            0x052398fb
                                            0x052398fb
                                            0x05239907
                                            0x0523991d
                                            0x0523991d
                                            0x05239907
                                            0x052398e3
                                            0x051e7ef0
                                            0x051e7f14
                                            0x051e7f14
                                            0x051e7f1e
                                            0x05239946
                                            0x051e7f24
                                            0x051e7f24
                                            0x051e7f24
                                            0x051e7f2c
                                            0x0523996a
                                            0x05239975
                                            0x05239975
                                            0x0523997e
                                            0x05239993
                                            0x05239993
                                            0x0523997e
                                            0x00000000
                                            0x051e7ef2
                                            0x051e7efc
                                            0x051e7f0a
                                            0x051e7f0e
                                            0x05239933
                                            0x00000000
                                            0x05239933
                                            0x00000000
                                            0x051e7f0e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051e7eb1

                                            Strings
                                            • minkernel\ntdll\ldrmap.c, xrefs: 052398A2
                                            • LdrpCompleteMapModule, xrefs: 05239898
                                            • Could not validate the crypto signature for DLL %wZ, xrefs: 05239891
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                            • API String ID: 0-1676968949
                                            • Opcode ID: ad3807c89e12fcd8f7a350cd8ef97d710b2e33bd12b6a0f825c0b980de5d68cc
                                            • Instruction ID: fc186c58740a649fb4d0dcaa028c199a35ee1fedac82e2d54bfe9863cb553e75
                                            • Opcode Fuzzy Hash: ad3807c89e12fcd8f7a350cd8ef97d710b2e33bd12b6a0f825c0b980de5d68cc
                                            • Instruction Fuzzy Hash: D9510171614B819BEB29CF68C885B7ABBE5FF41310F040655E9529B3D1D7B4ED80CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E051DE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E051DF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E052195D0();
						}
						if(_t78 != 0) {
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0521FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0521BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E05219600();
					if(_t97 < 0) {
						goto L6;
					}
					E0521BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L051DF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0521BB40(_t83, _t102 + 0x24, _t78);
								if(L051E43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0521BB40(_t84, _t102 + 0x24, _t94);
									if(L051E43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                            0x051de620
                                            0x051de628
                                            0x051de62f
                                            0x051de631
                                            0x051de635
                                            0x051de637
                                            0x051de63e
                                            0x05235503
                                            0x05235503
                                            0x051de64c
                                            0x051de64c
                                            0x051de651
                                            0x00000000
                                            0x00000000
                                            0x051de661
                                            0x051de665
                                            0x0523542a
                                            0x051de715
                                            0x051de71a
                                            0x051de71c
                                            0x051de720
                                            0x051de720
                                            0x051de727
                                            0x051de736
                                            0x051de736
                                            0x051de743
                                            0x051de743
                                            0x051de673
                                            0x051de678
                                            0x051de67d
                                            0x051de682
                                            0x051de685
                                            0x051de692
                                            0x051de69b
                                            0x051de6a3
                                            0x051de6ad
                                            0x051de6b1
                                            0x051de6b2
                                            0x051de6bb
                                            0x051de6bf
                                            0x051de6c0
                                            0x051de6c8
                                            0x051de6cc
                                            0x051de6d5
                                            0x051de6d9
                                            0x00000000
                                            0x00000000
                                            0x051de6e5
                                            0x051de6ea
                                            0x051de6f9
                                            0x051de70b
                                            0x051de70f
                                            0x05235439
                                            0x0523545e
                                            0x0523545e
                                            0x00000000
                                            0x0523545e
                                            0x0523543b
                                            0x0523543e
                                            0x05235440
                                            0x05235445
                                            0x05235472
                                            0x05235475
                                            0x0523548d
                                            0x05235493
                                            0x052354a9
                                            0x00000000
                                            0x00000000
                                            0x052354ab
                                            0x052354b4
                                            0x052354bc
                                            0x052354c8
                                            0x052354de
                                            0x052354fb
                                            0x052354e0
                                            0x052354e6
                                            0x052354eb
                                            0x052354eb
                                            0x052354de
                                            0x00000000
                                            0x052354bc
                                            0x05235477
                                            0x0523547a
                                            0x05235480
                                            0x05235483
                                            0x05235486
                                            0x0523548b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0523548b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05235447
                                            0x05235447
                                            0x05235447
                                            0x05235447
                                            0x0523544e
                                            0x00000000
                                            0x00000000
                                            0x05235450
                                            0x05235452
                                            0x05235455
                                            0x0523545a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0523545c
                                            0x0523546a
                                            0x0523546d
                                            0x0523546f
                                            0x00000000
                                            0x0523546f
                                            0x051de70f

                                            Strings
                                            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 051DE68C
                                            • @, xrefs: 051DE6C0
                                            • InstallLanguageFallback, xrefs: 051DE6DB
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                            • API String ID: 0-1757540487
                                            • Opcode ID: 8dfa499cedba38bf9946101c9b6a3c1d7a4c3630559dc0660b553035c5dd8556
                                            • Instruction ID: 741b91c096354e96e836736d9aa3553e653da7f7853c313edca9c3bba68a2641
                                            • Opcode Fuzzy Hash: 8dfa499cedba38bf9946101c9b6a3c1d7a4c3630559dc0660b553035c5dd8556
                                            • Instruction Fuzzy Hash: 0A51C4B26183469BC714DF24C444A7BB3E9BF98615F050A2EF98ED7240F774DA04C7A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0529E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 60%
                                            			E0529E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0529BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0529BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0529AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E05219730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0529A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0529A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E05219730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0529A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0529A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E051F2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E051EB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E051EFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E051F7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0528FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                            0x0529e547
                                            0x0529e549
                                            0x0529e54f
                                            0x0529e553
                                            0x0529e557
                                            0x0529e55a
                                            0x0529e55c
                                            0x0529e55f
                                            0x0529e561
                                            0x0529e567
                                            0x0529e56b
                                            0x0529e7e2
                                            0x00000000
                                            0x0529e571
                                            0x0529e575
                                            0x0529e577
                                            0x0529e57b
                                            0x0529e57c
                                            0x0529e57d
                                            0x0529e57e
                                            0x0529e57f
                                            0x0529e588
                                            0x0529e58f
                                            0x0529e591
                                            0x0529e592
                                            0x0529e592
                                            0x0529e596
                                            0x0529e59e
                                            0x0529e5a0
                                            0x0529e5a6
                                            0x0529e61d
                                            0x0529e61d
                                            0x0529e621
                                            0x0529e623
                                            0x0529e630
                                            0x0529e630
                                            0x0529e7e6
                                            0x0529e7eb
                                            0x0529e7ed
                                            0x0529e7f4
                                            0x0529e7fa
                                            0x0529e7ff
                                            0x0529e7ff
                                            0x0529e80a
                                            0x0529e812
                                            0x0529e812
                                            0x0529e5ab
                                            0x0529e5b4
                                            0x0529e5b9
                                            0x0529e5be
                                            0x0529e5c0
                                            0x0529e5c2
                                            0x0529e5c8
                                            0x0529e5c9
                                            0x0529e5cb
                                            0x0529e5cc
                                            0x0529e5d5
                                            0x0529e5e4
                                            0x0529e5f1
                                            0x0529e5f8
                                            0x0529e5f8
                                            0x0529e5d5
                                            0x0529e602
                                            0x0529e616
                                            0x0529e63d
                                            0x0529e644
                                            0x0529e64d
                                            0x0529e652
                                            0x0529e657
                                            0x0529e659
                                            0x0529e65b
                                            0x0529e661
                                            0x0529e662
                                            0x0529e664
                                            0x0529e665
                                            0x0529e66e
                                            0x0529e67d
                                            0x0529e68a
                                            0x0529e691
                                            0x0529e691
                                            0x0529e66e
                                            0x0529e6b0
                                            0x00000000
                                            0x0529e6b6
                                            0x0529e6bd
                                            0x0529e6c7
                                            0x0529e6d7
                                            0x0529e6d9
                                            0x0529e6db
                                            0x0529e6de
                                            0x0529e6e3
                                            0x0529e6f3
                                            0x0529e6fc
                                            0x0529e700
                                            0x0529e700
                                            0x0529e704
                                            0x0529e70a
                                            0x0529e70a
                                            0x0529e713
                                            0x0529e716
                                            0x0529e719
                                            0x0529e720
                                            0x0529e761
                                            0x0529e76b
                                            0x0529e774
                                            0x0529e77a
                                            0x0529e77a
                                            0x0529e78a
                                            0x0529e791
                                            0x0529e799
                                            0x0529e79b
                                            0x0529e79f
                                            0x0529e7aa
                                            0x0529e7c0
                                            0x0529e7ac
                                            0x0529e7b2
                                            0x0529e7b9
                                            0x0529e7b9
                                            0x0529e7c7
                                            0x0529e806
                                            0x00000000
                                            0x0529e7c9
                                            0x0529e7d1
                                            0x0529e7d8
                                            0x00000000
                                            0x0529e7d8
                                            0x00000000
                                            0x00000000
                                            0x0529e722
                                            0x0529e72e
                                            0x0529e748
                                            0x0529e74c
                                            0x0529e754
                                            0x0529e756
                                            0x0529e75c
                                            0x0529e75c
                                            0x00000000
                                            0x0529e75c
                                            0x0529e758
                                            0x0529e758
                                            0x00000000
                                            0x0529e758
                                            0x0529e750
                                            0x00000000
                                            0x00000000
                                            0x0529e752
                                            0x00000000
                                            0x0529e752
                                            0x0529e730
                                            0x0529e735
                                            0x0529e73d
                                            0x0529e73f
                                            0x00000000
                                            0x00000000
                                            0x0529e741
                                            0x0529e741
                                            0x00000000
                                            0x0529e741
                                            0x0529e739
                                            0x00000000
                                            0x00000000
                                            0x0529e73b
                                            0x00000000
                                            0x0529e73b
                                            0x0529e722
                                            0x0529e720
                                            0x0529e6b0
                                            0x0529e618
                                            0x00000000
                                            0x0529e618

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: `$`
                                            • API String ID: 0-197956300
                                            • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                            • Instruction ID: 39787cba995128fb503dc03e78e187466277d74c4ba09f84081952aa55be64f0
                                            • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                            • Instruction Fuzzy Hash: 239190352183429BEB28CF25C845B5BB7EABF84714F15892DF59ACB380E774E904CB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052551BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E052551BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x52b05f0);
				E0522D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E051EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E052553CA(0);
						return E0522D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0521F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E051F3690(1, _t117, 0x51b1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0521AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L051F4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0521AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0525500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E05219860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                            0x052551be
                                            0x052551c3
                                            0x052551c8
                                            0x052551cd
                                            0x052551d0
                                            0x052551d3
                                            0x052551d8
                                            0x052551db
                                            0x052551de
                                            0x052551e0
                                            0x052551e3
                                            0x052551e6
                                            0x052551e8
                                            0x05255342
                                            0x05255351
                                            0x05255356
                                            0x0525535a
                                            0x05255360
                                            0x05255363
                                            0x05255366
                                            0x05255369
                                            0x05255369
                                            0x0525536b
                                            0x0525536b
                                            0x05255370
                                            0x052553a3
                                            0x052553a4
                                            0x052553a6
                                            0x052553ab
                                            0x052553ab
                                            0x052553ae
                                            0x052553ae
                                            0x052553b5
                                            0x052553bf
                                            0x052553bf
                                            0x05255375
                                            0x05255396
                                            0x052553a0
                                            0x052553a0
                                            0x00000000
                                            0x05255396
                                            0x05255377
                                            0x05255379
                                            0x0525537f
                                            0x0525538c
                                            0x05255390
                                            0x00000000
                                            0x05255390
                                            0x052551ee
                                            0x052551f1
                                            0x05255301
                                            0x05255310
                                            0x05255315
                                            0x05255318
                                            0x0525531b
                                            0x05255320
                                            0x0525532e
                                            0x05255331
                                            0x00000000
                                            0x05255331
                                            0x05255328
                                            0x05255329
                                            0x00000000
                                            0x05255329
                                            0x052551fa
                                            0x05255235
                                            0x05255236
                                            0x05255239
                                            0x0525523f
                                            0x05255240
                                            0x05255241
                                            0x05255242
                                            0x05255246
                                            0x05255247
                                            0x0525524e
                                            0x05255251
                                            0x05255267
                                            0x05255269
                                            0x0525526e
                                            0x0525527d
                                            0x0525527e
                                            0x05255281
                                            0x05255282
                                            0x05255287
                                            0x05255288
                                            0x0525528a
                                            0x0525528f
                                            0x05255294
                                            0x00000000
                                            0x00000000
                                            0x0525529a
                                            0x0525529c
                                            0x0525529e
                                            0x0525529e
                                            0x052552a4
                                            0x052552b0
                                            0x00000000
                                            0x00000000
                                            0x052552ba
                                            0x052552bc
                                            0x052552bc
                                            0x052552d4
                                            0x052552d9
                                            0x052552dc
                                            0x052552e1
                                            0x00000000
                                            0x00000000
                                            0x052552e7
                                            0x052552f4
                                            0x00000000
                                            0x052552f4
                                            0x05255270
                                            0x00000000
                                            0x05255270
                                            0x052551fc
                                            0x052551fd
                                            0x05255202
                                            0x05255203
                                            0x05255205
                                            0x0525520a
                                            0x0525520f
                                            0x00000000
                                            0x00000000
                                            0x0525521b
                                            0x05255226
                                            0x0525522b
                                            0x0525521d
                                            0x0525521d
                                            0x05255222
                                            0x05255222
                                            0x0525522d
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Legacy$UEFI
                                            • API String ID: 2994545307-634100481
                                            • Opcode ID: caa326daefb5d34ce126c2312704fc7066b32327cc07d083bfd8360f7f5339d3
                                            • Instruction ID: b855a7f5a46089e36bf80b95f189219496363aa0f32da7f7fd88b15a4da394c0
                                            • Opcode Fuzzy Hash: caa326daefb5d34ce126c2312704fc7066b32327cc07d083bfd8360f7f5339d3
                                            • Instruction Fuzzy Hash: 77517D71F24609AFDB24DFA8D984AAEBBF9FF48710F14402DEA49EB251D7709940CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051FB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E051FB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x52cd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E051F7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E052A8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E05219E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0521B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0521CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E051F7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E052A8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0521AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x52c8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x52c862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x52c8628; // 0x0
							_t116 =  *0x52c862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                            0x051fb94c
                                            0x051fb956
                                            0x051fb95c
                                            0x051fb95e
                                            0x051fb964
                                            0x051fb969
                                            0x051fb96d
                                            0x051fb96d
                                            0x051fb970
                                            0x051fb974
                                            0x051fb97a
                                            0x051fbadf
                                            0x051fbadf
                                            0x051fbae2
                                            0x051fbae4
                                            0x051fbae6
                                            0x051fbaf0
                                            0x05242cb8
                                            0x051fbaf6
                                            0x051fbaf6
                                            0x051fbaf6
                                            0x051fbafd
                                            0x051fbb1f
                                            0x051fbb1f
                                            0x051fbaff
                                            0x051fbb00
                                            0x051fbb00
                                            0x051fbb03
                                            0x051fbb03
                                            0x051fbacb
                                            0x051fbacf
                                            0x051fbad0
                                            0x051fbad1
                                            0x051fbadc
                                            0x051fbadc
                                            0x051fb980
                                            0x051fb980
                                            0x051fb988
                                            0x051fb98b
                                            0x051fb98d
                                            0x051fb990
                                            0x051fb993
                                            0x051fb999
                                            0x051fb99b
                                            0x051fb9a1
                                            0x051fb9a5
                                            0x051fb9aa
                                            0x051fb9b0
                                            0x051fb9bb
                                            0x051fb9c0
                                            0x051fb9c3
                                            0x051fb9ca
                                            0x051fb9cc
                                            0x051fb9cf
                                            0x051fb9d3
                                            0x051fb9d7
                                            0x051fba94
                                            0x051fba94
                                            0x051fba98
                                            0x051fbaa3
                                            0x05242ccb
                                            0x051fbaa9
                                            0x051fbaa9
                                            0x051fbaa9
                                            0x051fbab1
                                            0x05242cd5
                                            0x05242cdd
                                            0x05242cdd
                                            0x051fbabb
                                            0x051fbabc
                                            0x051fbac2
                                            0x051fbac3
                                            0x051fbac3
                                            0x051fbac6
                                            0x00000000
                                            0x051fb9dd
                                            0x051fb9dd
                                            0x051fb9e7
                                            0x051fb9e7
                                            0x051fb9ec
                                            0x051fb9ec
                                            0x051fb9f1
                                            0x051fb9f5
                                            0x051fb9fa
                                            0x051fba00
                                            0x051fba0c
                                            0x051fba10
                                            0x051fba10
                                            0x051fba12
                                            0x051fba18
                                            0x00000000
                                            0x00000000
                                            0x051fbb26
                                            0x051fbb26
                                            0x051fba1e
                                            0x051fba1e
                                            0x051fba23
                                            0x051fba25
                                            0x051fba2c
                                            0x051fba30
                                            0x051fba35
                                            0x051fba35
                                            0x051fba41
                                            0x051fba46
                                            0x051fba4c
                                            0x051fba50
                                            0x051fba54
                                            0x051fba6a
                                            0x051fba6e
                                            0x051fba70
                                            0x051fba74
                                            0x051fba78
                                            0x051fba7a
                                            0x051fba7c
                                            0x051fba8e
                                            0x051fba90
                                            0x051fba92
                                            0x051fbb14
                                            0x051fbb14
                                            0x051fbb16
                                            0x051fbb16
                                            0x00000000
                                            0x051fba7c
                                            0x051fbb0a
                                            0x051fbb0d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051fbb0f

                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 051FB9A5
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID:
                                            • API String ID: 885266447-0
                                            • Opcode ID: 1aadf26dc0b265ea5d2eb463498cc1f9896006b92e314c1f73702f93ae2d010a
                                            • Instruction ID: 3bcf72febb946ee7f52a04a738fe27e6247cb3ed82ea96daca5a244c71e15617
                                            • Opcode Fuzzy Hash: 1aadf26dc0b265ea5d2eb463498cc1f9896006b92e314c1f73702f93ae2d010a
                                            • Instruction Fuzzy Hash: 935159B5A18341CFC724CF29C08492BBBE6FF88610F55896EFA9587355DB30E844CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                            Download Yara Rule
                                            C-Code - Quality: 78%
                                            			E051DB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x52af7a8);
				E0522D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0522D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0521D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0521F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0522DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0521B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0521B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0521E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0521A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                            0x051db171
                                            0x051db171
                                            0x051db171
                                            0x051db171
                                            0x051db171
                                            0x051db176
                                            0x051db17b
                                            0x051db180
                                            0x051db186
                                            0x051db18f
                                            0x051db198
                                            0x051db1a4
                                            0x051db1aa
                                            0x05234802
                                            0x05234802
                                            0x05234805
                                            0x0523480c
                                            0x0523480e
                                            0x051db1d1
                                            0x051db1d3
                                            0x051db1de
                                            0x051db1de
                                            0x05234817
                                            0x0523481e
                                            0x05234820
                                            0x05234822
                                            0x05234822
                                            0x05234824
                                            0x05234824
                                            0x0523482a
                                            0x00000000
                                            0x00000000
                                            0x05234835
                                            0x0523483a
                                            0x0523483d
                                            0x0523483f
                                            0x05234842
                                            0x05234842
                                            0x05234842
                                            0x05234846
                                            0x0523484c
                                            0x0523484e
                                            0x05234851
                                            0x05234851
                                            0x05234853
                                            0x05234854
                                            0x05234854
                                            0x05234858
                                            0x0523485a
                                            0x0523485a
                                            0x0523485d
                                            0x0523485f
                                            0x05234861
                                            0x05234861
                                            0x05234866
                                            0x0523486b
                                            0x0523486e
                                            0x05234871
                                            0x05234876
                                            0x05234876
                                            0x05234878
                                            0x0523487b
                                            0x05234884
                                            0x05234884
                                            0x00000000
                                            0x0523487d
                                            0x0523487d
                                            0x05234882
                                            0x05234889
                                            0x05234889
                                            0x0523488f
                                            0x05234891
                                            0x052348e0
                                            0x052348e2
                                            0x052348e4
                                            0x052348e4
                                            0x052348e7
                                            0x052348e7
                                            0x052348ed
                                            0x052348f4
                                            0x052348f6
                                            0x05234951
                                            0x05234951
                                            0x05234953
                                            0x05234953
                                            0x05234956
                                            0x05234956
                                            0x05234958
                                            0x05234959
                                            0x05234959
                                            0x0523495d
                                            0x0523495d
                                            0x0523495f
                                            0x0523495f
                                            0x05234965
                                            0x05234969
                                            0x052349ba
                                            0x052349ba
                                            0x052349c1
                                            0x052349c5
                                            0x052349cc
                                            0x052349d4
                                            0x052349d7
                                            0x052349da
                                            0x052349e4
                                            0x052349e5
                                            0x052349f3
                                            0x05234a02
                                            0x00000000
                                            0x05234a02
                                            0x05234972
                                            0x05234974
                                            0x00000000
                                            0x00000000
                                            0x05234976
                                            0x05234979
                                            0x05234982
                                            0x05234983
                                            0x05234984
                                            0x0523498b
                                            0x0523498d
                                            0x05234991
                                            0x05234993
                                            0x05234999
                                            0x0523499d
                                            0x052349a2
                                            0x052349a2
                                            0x052349a2
                                            0x05234999
                                            0x052349ac
                                            0x00000000
                                            0x052349b3
                                            0x052348f8
                                            0x052348fe
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052348fe
                                            0x05234895
                                            0x0523489c
                                            0x052348ad
                                            0x052348b2
                                            0x052348b5
                                            0x052348b7
                                            0x052348ba
                                            0x052348bc
                                            0x052348c6
                                            0x052348c6
                                            0x052348cb
                                            0x052348d1
                                            0x052348d4
                                            0x052348d8
                                            0x052348d8
                                            0x00000000
                                            0x052348d8
                                            0x052348be
                                            0x052348c0
                                            0x00000000
                                            0x00000000
                                            0x052348c2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052348c4
                                            0x00000000
                                            0x05234882
                                            0x0523487b
                                            0x05234904
                                            0x05234906
                                            0x00000000
                                            0x00000000
                                            0x05234908
                                            0x0523490e
                                            0x00000000
                                            0x00000000
                                            0x05234910
                                            0x05234917
                                            0x05234917
                                            0x00000000
                                            0x05234917
                                            0x051db1ba
                                            0x052347f9
                                            0x052347fc
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052347fc
                                            0x051db1c0
                                            0x051db1c0
                                            0x051db1c3
                                            0x051db1cb
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: _vswprintf_s
                                            • String ID:
                                            • API String ID: 677850445-0
                                            • Opcode ID: 8d30c9e9bdbac8aeba4890e18584bc59f0b01970c86793a9daceb05c8b2c56c6
                                            • Instruction ID: ca0b2c21dc1c717ee8082d85b5439077bb70059e9b8c5f7a5811cd3c227e78dc
                                            • Opcode Fuzzy Hash: 8d30c9e9bdbac8aeba4890e18584bc59f0b01970c86793a9daceb05c8b2c56c6
                                            • Instruction Fuzzy Hash: 7451E1B5E2425A8EDF31EF64C88ABBEBBB1BF04710F1141E9D859AB281D77449418FD0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05202581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E05202581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t230;
				signed char _t234;
				intOrPtr* _t237;
				signed int _t238;
				signed char _t239;
				signed int _t246;
				signed int _t248;
				intOrPtr _t250;
				signed int _t253;
				signed int _t260;
				signed int _t263;
				signed int _t271;
				intOrPtr _t277;
				signed int _t279;
				signed int _t281;
				void* _t282;
				signed int _t283;
				unsigned int _t286;
				signed int _t290;
				signed int _t293;
				signed int _t297;
				intOrPtr _t310;
				signed int _t319;
				signed int _t321;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t330;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				intOrPtr* _t336;
				signed char _t338;
				void* _t339;

				_t333 = _t335;
				_t336 = _t335 - 0x4c;
				_v8 =  *0x52cd360 ^ _t333;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t326 = 0x52cb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t286 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t339 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t277 = 0x48;
				_t307 = 0 | _t339 == 0x00000000;
				_t319 = 0;
				_v37 = _t339 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t277 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t327 = 0xc0000106;
						goto L32;
					} else {
						_t326 = L051F4620(_t286,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t277);
						_v52 = _t326;
						__eflags = _t326;
						if(_t326 == 0) {
							_t327 = 0xc0000017;
							goto L32;
						} else {
							 *(_t326 + 0x44) =  *(_t326 + 0x44) & 0x00000000;
							_t50 = _t326 + 0x48; // 0x48
							_t321 = _t50;
							_t307 = _v32;
							 *((intOrPtr*)(_t326 + 0x3c)) = _t277;
							_t279 = 0;
							 *((short*)(_t326 + 0x30)) = _v48;
							__eflags = _t307;
							if(_t307 != 0) {
								 *(_t326 + 0x18) = _t321;
								__eflags = _t307 - 0x52c8478;
								 *_t326 = ((0 | _t307 == 0x052c8478) - 0x00000001 & 0xfffffffb) + 7;
								E0521F3E0(_t321,  *((intOrPtr*)(_t307 + 4)),  *_t307 & 0x0000ffff);
								_t307 = _v32;
								_t336 = _t336 + 0xc;
								_t279 = 1;
								__eflags = _a8;
								_t321 = _t321 + (( *_t307 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t271 = E052639F2(_t321);
									_t307 = _v32;
									_t321 = _t271;
								}
							}
							_t290 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t327 = _v68;
								__eflags = 0;
								 *((short*)(_t321 - 2)) = 0;
								goto L32;
							} else {
								_t281 = _t326 + _t279 * 4;
								_v56 = _t281;
								do {
									__eflags = _t307;
									if(_t307 != 0) {
										_t230 =  *(_v60 + _t290 * 4);
										__eflags = _t230;
										if(_t230 == 0) {
											goto L30;
										} else {
											__eflags = _t230 == 5;
											if(_t230 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t281 =  *(_v60 + _t290 * 4);
										 *(_t281 + 0x18) = _t321;
										_t234 =  *(_v60 + _t290 * 4);
										__eflags = _t234 - 8;
										if(_t234 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t234 * 4 +  &M05202959))) {
												case 0:
													__ax =  *0x52c8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0521F3E0(__edi,  *0x52c848c, __ax & 0x0000ffff);
														__eax =  *0x52c8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0521F3E0(_t321, _v80, _v64);
													_t266 = _v64;
													goto L26;
												case 2:
													 *0x52c8480 & 0x0000ffff = E0521F3E0(__edi,  *0x52c8484,  *0x52c8480 & 0x0000ffff);
													__eax =  *0x52c8480 & 0x0000ffff;
													__eax = ( *0x52c8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0521F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0521F3E0(_t321, _v76, _v36);
														_t266 = _v36;
													}
													L26:
													_t336 = _t336 + 0xc;
													_t321 = _t321 + (_t266 >> 1) * 2 + 2;
													__eflags = _t321;
													L27:
													_push(0x3b);
													_pop(_t268);
													 *((short*)(_t321 - 2)) = _t268;
													goto L28;
												case 6:
													__ebx = "\\W[w\\W[w";
													__eflags = __ebx - "\\W[w\\W[w";
													if(__ebx != "\\W[w\\W[w") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0521F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\W[w\\W[w";
														} while (__ebx != "\\W[w\\W[w");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x52c8478 & 0x0000ffff = E0521F3E0(__edi,  *0x52c847c,  *0x52c8478 & 0x0000ffff);
													__eax =  *0x52c8478 & 0x0000ffff;
													__eax = ( *0x52c8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E052639F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x52c6e58 & 0x0000ffff = E0521F3E0(__edi,  *0x52c6e5c,  *0x52c6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x52c6e58 & 0x0000ffff;
													__eax = ( *0x52c6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t290 = _v16;
													_t307 = _v32;
													L29:
													_t281 = _t281 + 4;
													__eflags = _t281;
													_v56 = _t281;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t290 = _t290 + 1;
									_v16 = _t290;
									__eflags = _t290 - _v48;
								} while (_t290 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t234 =  *(_v60 + _t319 * 4);
						if(_t234 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t234 * 4 +  &M05202935))) {
							case 0:
								__ax =  *0x52c8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t307 =  &_v64;
								_v80 = E05202E3E(0,  &_v64);
								_t277 = _t277 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x52c8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x52c8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E051EEEF0(0x52c79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E051EEB70(__ecx, 0x52c79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t208 = _v72;
											__eflags = _t208;
											if(_t208 != 0) {
												L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t208);
											}
											_t209 = _v52;
											__eflags = _t209;
											if(_t209 != 0) {
												__eflags = _t327;
												if(_t327 < 0) {
													L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t209);
													_t209 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t286 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x52c7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E051EEB70(__ecx, 0x52c79a0);
										__eax = _v52;
										L36:
										_pop(_t320);
										_pop(_t328);
										__eflags = _v8 ^ _t333;
										_pop(_t278);
										return E0521B640(_t209, _t278, _v8 ^ _t333, _t307, _t320, _t328);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t273 = _v56;
								if(_v56 != 0) {
									_t307 =  &_v36;
									_t275 = E05202E3E(_t273,  &_v36);
									_t286 = _v36;
									_v76 = _t275;
								}
								if(_t286 == 0) {
									goto L44;
								} else {
									_t277 = _t277 + 2 + _t286;
								}
								goto L14;
							case 6:
								__eax =  *0x52c5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x52c8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x52c8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x52c6e58 & 0x0000ffff;
								__eax = ( *0x52c6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t319 = _t319 + 1;
								if(_t319 >= _v48) {
									goto L16;
								} else {
									_t307 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					 *0x5202866 =  *0x5202866 & _t234;
					asm("loopne 0x29");
					 *0x520262e =  *0x520262e & _t234;
					 *_t234 =  *_t234 - _t234;
					ds = 0x25;
					_pop(_t282);
					_t237 = _t336;
					_t338 = _t234 + 0x05202605 & 0x00000005;
					 *_t237 =  *_t237 - _t237;
					_t238 = _t237 + 0x5245b35;
					 *0x5202880 =  *0x5202880 & _t238;
					_t239 = _t238 *  *_t321;
					 *0x520281e =  *0x520281e & _t239;
					_t330 = _t326 + 1 - 1;
					 *_t239 =  *_t239 - _t239;
					asm("fcomp dword [ebx+0x24]");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x52aff00);
					E0522D08C(_t282, _t321, _t330);
					_v44 =  *[fs:0x18];
					_t322 = 0;
					 *_a24 = 0;
					_t283 = _a12;
					__eflags = _t283;
					if(_t283 == 0) {
						_t246 = 0xc0000100;
					} else {
						_v8 = 0;
						_t331 = 0xc0000100;
						_v52 = 0xc0000100;
						_t248 = 4;
						while(1) {
							_v40 = _t248;
							__eflags = _t248;
							if(_t248 == 0) {
								break;
							}
							_t297 = _t248 * 0xc;
							_v48 = _t297;
							__eflags = _t283 -  *((intOrPtr*)(_t297 + 0x51b1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t263 = E0521E5C0(_a8,  *((intOrPtr*)(_t297 + 0x51b1668)), _t283);
									_t338 = _t338 + 0xc;
									__eflags = _t263;
									if(__eflags == 0) {
										_t331 = E052551BE(_t283,  *((intOrPtr*)(_v48 + 0x51b166c)), _a16, _t322, _t331, __eflags, _a20, _a24);
										_v52 = _t331;
										break;
									} else {
										_t248 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t248 = _t248 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t331;
						__eflags = _t331;
						if(_t331 < 0) {
							__eflags = _t331 - 0xc0000100;
							if(_t331 == 0xc0000100) {
								_t293 = _a4;
								__eflags = _t293;
								if(_t293 != 0) {
									_v36 = _t293;
									__eflags =  *_t293 - _t322;
									if( *_t293 == _t322) {
										_t331 = 0xc0000100;
										goto L76;
									} else {
										_t310 =  *((intOrPtr*)(_v44 + 0x30));
										_t250 =  *((intOrPtr*)(_t310 + 0x10));
										__eflags =  *((intOrPtr*)(_t250 + 0x48)) - _t293;
										if( *((intOrPtr*)(_t250 + 0x48)) == _t293) {
											__eflags =  *(_t310 + 0x1c);
											if( *(_t310 + 0x1c) == 0) {
												L106:
												_t331 = E05202AE4( &_v36, _a8, _t283, _a16, _a20, _a24);
												_v32 = _t331;
												__eflags = _t331 - 0xc0000100;
												if(_t331 != 0xc0000100) {
													goto L69;
												} else {
													_t322 = 1;
													_t293 = _v36;
													goto L75;
												}
											} else {
												_t253 = E051E6600( *(_t310 + 0x1c));
												__eflags = _t253;
												if(_t253 != 0) {
													goto L106;
												} else {
													_t293 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t331 = E05202C50(_t293, _a8, _t283, _a16, _a20, _a24, _t322);
											L76:
											_v32 = _t331;
											goto L69;
										}
									}
									goto L108;
								} else {
									E051EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t331 = _a24;
									_t260 = E05202AE4( &_v36, _a8, _t283, _a16, _a20, _t331);
									_v32 = _t260;
									__eflags = _t260 - 0xc0000100;
									if(_t260 == 0xc0000100) {
										_v32 = E05202C50(_v36, _a8, _t283, _a16, _a20, _t331, 1);
									}
									_v8 = _t322;
									E05202ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t246 = _t331;
					}
					L70:
					return E0522D0D1(_t246);
				}
				L108:
			}























































                                            0x05202584
                                            0x05202586
                                            0x05202590
                                            0x05202596
                                            0x05202597
                                            0x05202598
                                            0x05202599
                                            0x0520259e
                                            0x052025a4
                                            0x052025a9
                                            0x052025ac
                                            0x052025ae
                                            0x052025b1
                                            0x052025b2
                                            0x052025b5
                                            0x052025b8
                                            0x052025bb
                                            0x052025bc
                                            0x052025bf
                                            0x052025c2
                                            0x052025c5
                                            0x052025c6
                                            0x052025cb
                                            0x052025ce
                                            0x052025d8
                                            0x052025db
                                            0x052025dd
                                            0x052025de
                                            0x052025e1
                                            0x052025e3
                                            0x052025e9
                                            0x052026da
                                            0x052026da
                                            0x052026dd
                                            0x052026e2
                                            0x05245b56
                                            0x00000000
                                            0x052026e8
                                            0x052026f9
                                            0x052026fb
                                            0x052026fe
                                            0x05202700
                                            0x05245b60
                                            0x00000000
                                            0x05202706
                                            0x05202706
                                            0x0520270a
                                            0x0520270a
                                            0x0520270d
                                            0x05202713
                                            0x05202716
                                            0x05202718
                                            0x0520271c
                                            0x0520271e
                                            0x05245b6c
                                            0x05245b6f
                                            0x05245b7f
                                            0x05245b89
                                            0x05245b8e
                                            0x05245b93
                                            0x05245b96
                                            0x05245b9c
                                            0x05245ba0
                                            0x05245ba3
                                            0x05245bab
                                            0x05245bb0
                                            0x05245bb3
                                            0x05245bb3
                                            0x05245ba3
                                            0x05202724
                                            0x05202726
                                            0x05202729
                                            0x0520272c
                                            0x0520279d
                                            0x0520279d
                                            0x052027a0
                                            0x052027a2
                                            0x00000000
                                            0x0520272e
                                            0x0520272e
                                            0x05202731
                                            0x05202734
                                            0x05202734
                                            0x05202736
                                            0x05245bc1
                                            0x05245bc1
                                            0x05245bc4
                                            0x00000000
                                            0x05245bca
                                            0x05245bca
                                            0x05245bcd
                                            0x00000000
                                            0x05245bd3
                                            0x00000000
                                            0x05245bd3
                                            0x05245bcd
                                            0x0520273c
                                            0x0520273c
                                            0x05202742
                                            0x05202747
                                            0x0520274a
                                            0x0520274d
                                            0x05202750
                                            0x00000000
                                            0x05202756
                                            0x05202756
                                            0x00000000
                                            0x05202902
                                            0x05202908
                                            0x0520290b
                                            0x00000000
                                            0x05202911
                                            0x0520291c
                                            0x05202921
                                            0x00000000
                                            0x05202921
                                            0x00000000
                                            0x00000000
                                            0x05202880
                                            0x05202887
                                            0x0520288c
                                            0x00000000
                                            0x00000000
                                            0x05202805
                                            0x0520280a
                                            0x05202814
                                            0x05202816
                                            0x00000000
                                            0x00000000
                                            0x0520281e
                                            0x05202821
                                            0x05202823
                                            0x00000000
                                            0x05202829
                                            0x05202829
                                            0x05202831
                                            0x0520283c
                                            0x0520283e
                                            0x00000000
                                            0x0520283e
                                            0x00000000
                                            0x00000000
                                            0x0520284e
                                            0x05202850
                                            0x05202851
                                            0x05202854
                                            0x05202857
                                            0x0520285a
                                            0x0520285c
                                            0x0520285d
                                            0x00000000
                                            0x00000000
                                            0x0520275d
                                            0x05202761
                                            0x00000000
                                            0x05202767
                                            0x0520276e
                                            0x05202773
                                            0x05202773
                                            0x05202776
                                            0x05202778
                                            0x0520277e
                                            0x0520277e
                                            0x05202781
                                            0x05202781
                                            0x05202783
                                            0x05202784
                                            0x00000000
                                            0x00000000
                                            0x05245bd8
                                            0x05245bde
                                            0x05245be4
                                            0x05245be6
                                            0x05245be8
                                            0x05245be9
                                            0x05245bee
                                            0x05245bf8
                                            0x05245bff
                                            0x05245c01
                                            0x05245c04
                                            0x05245c07
                                            0x05245c0b
                                            0x05245c0d
                                            0x05245c0d
                                            0x05245c15
                                            0x05245c18
                                            0x05245c1b
                                            0x05245c1b
                                            0x05245c1e
                                            0x00000000
                                            0x00000000
                                            0x052028c3
                                            0x052028c8
                                            0x052028d2
                                            0x052028d4
                                            0x052028d8
                                            0x052028db
                                            0x05245c26
                                            0x05245c28
                                            0x05245c2d
                                            0x05245c2d
                                            0x00000000
                                            0x00000000
                                            0x05245c34
                                            0x05245c36
                                            0x05245c49
                                            0x05245c4e
                                            0x05245c54
                                            0x05245c5b
                                            0x05245c5d
                                            0x05245c60
                                            0x05202788
                                            0x05202788
                                            0x0520278b
                                            0x0520278e
                                            0x0520278e
                                            0x0520278e
                                            0x05202791
                                            0x00000000
                                            0x00000000
                                            0x05202756
                                            0x05202750
                                            0x00000000
                                            0x05202794
                                            0x05202794
                                            0x05202795
                                            0x05202798
                                            0x05202798
                                            0x00000000
                                            0x05202734
                                            0x0520272c
                                            0x05202700
                                            0x052025ef
                                            0x052025ef
                                            0x052025ef
                                            0x052025f2
                                            0x052025f8
                                            0x00000000
                                            0x00000000
                                            0x052025fe
                                            0x00000000
                                            0x052028e6
                                            0x052028ec
                                            0x052028ef
                                            0x052028f5
                                            0x052028f8
                                            0x052028f8
                                            0x00000000
                                            0x052028f8
                                            0x00000000
                                            0x00000000
                                            0x05202866
                                            0x05202866
                                            0x05202876
                                            0x05202879
                                            0x00000000
                                            0x00000000
                                            0x052027e0
                                            0x052027e7
                                            0x052027e9
                                            0x052027eb
                                            0x05245afd
                                            0x00000000
                                            0x05245afd
                                            0x00000000
                                            0x00000000
                                            0x05202633
                                            0x05202638
                                            0x0520263b
                                            0x0520263c
                                            0x0520263e
                                            0x05202640
                                            0x05202642
                                            0x05202647
                                            0x05202649
                                            0x0520264e
                                            0x05202650
                                            0x05202653
                                            0x05202659
                                            0x052026a2
                                            0x052026a7
                                            0x052026ac
                                            0x052026b2
                                            0x05245b11
                                            0x05245b15
                                            0x05245b17
                                            0x00000000
                                            0x052026b8
                                            0x052026b8
                                            0x052026ba
                                            0x052027a6
                                            0x052027a6
                                            0x052027a9
                                            0x052027ab
                                            0x052027b9
                                            0x052027b9
                                            0x052027be
                                            0x052027c1
                                            0x052027c3
                                            0x052027c5
                                            0x052027c7
                                            0x05245c74
                                            0x05245c79
                                            0x05245c79
                                            0x052027c7
                                            0x00000000
                                            0x052026c0
                                            0x052026c0
                                            0x052026c3
                                            0x052026c6
                                            0x052026c6
                                            0x052026c9
                                            0x052026c9
                                            0x00000000
                                            0x052026c9
                                            0x052026ba
                                            0x0520265b
                                            0x0520265b
                                            0x0520265e
                                            0x05202667
                                            0x0520266d
                                            0x05202677
                                            0x0520267c
                                            0x0520267f
                                            0x05202681
                                            0x05245b49
                                            0x05245b4e
                                            0x052027cd
                                            0x052027d0
                                            0x052027d1
                                            0x052027d2
                                            0x052027d4
                                            0x052027dd
                                            0x05202687
                                            0x05202687
                                            0x0520268a
                                            0x0520268b
                                            0x0520268e
                                            0x0520268f
                                            0x05202691
                                            0x05202696
                                            0x05202698
                                            0x0520269d
                                            0x0520269f
                                            0x00000000
                                            0x0520269f
                                            0x05202681
                                            0x00000000
                                            0x00000000
                                            0x05202846
                                            0x00000000
                                            0x00000000
                                            0x05202605
                                            0x0520260a
                                            0x0520260c
                                            0x05202611
                                            0x05202616
                                            0x05202619
                                            0x05202619
                                            0x0520261e
                                            0x00000000
                                            0x05202624
                                            0x05202627
                                            0x05202627
                                            0x00000000
                                            0x00000000
                                            0x05245b1f
                                            0x00000000
                                            0x00000000
                                            0x05202894
                                            0x0520289b
                                            0x0520289d
                                            0x052028a1
                                            0x05245b2b
                                            0x05245b2e
                                            0x05245b2e
                                            0x052028a7
                                            0x052028a9
                                            0x05245b04
                                            0x05245b09
                                            0x05245b09
                                            0x05245b09
                                            0x00000000
                                            0x00000000
                                            0x05245b35
                                            0x05245b3c
                                            0x052028fb
                                            0x052028fb
                                            0x052026cc
                                            0x052026cc
                                            0x052026d0
                                            0x00000000
                                            0x052026d2
                                            0x052026d2
                                            0x00000000
                                            0x052026d2
                                            0x00000000
                                            0x00000000
                                            0x052025fe
                                            0x0520292d
                                            0x05202930
                                            0x05202935
                                            0x05202937
                                            0x0520293d
                                            0x0520293f
                                            0x05202946
                                            0x0520294d
                                            0x0520294e
                                            0x05202951
                                            0x05202951
                                            0x05202952
                                            0x05202954
                                            0x0520295b
                                            0x05202961
                                            0x05202963
                                            0x05202969
                                            0x0520296a
                                            0x05202971
                                            0x0520297d
                                            0x0520297e
                                            0x0520297f
                                            0x05202980
                                            0x05202981
                                            0x05202982
                                            0x05202983
                                            0x05202984
                                            0x05202985
                                            0x05202986
                                            0x05202987
                                            0x05202988
                                            0x05202989
                                            0x0520298a
                                            0x0520298b
                                            0x0520298c
                                            0x0520298d
                                            0x0520298e
                                            0x0520298f
                                            0x05202990
                                            0x05202992
                                            0x05202997
                                            0x052029a3
                                            0x052029a6
                                            0x052029ab
                                            0x052029ad
                                            0x052029b0
                                            0x052029b2
                                            0x05245c80
                                            0x052029b8
                                            0x052029b8
                                            0x052029bb
                                            0x052029c0
                                            0x052029c5
                                            0x052029c6
                                            0x052029c6
                                            0x052029c9
                                            0x052029cb
                                            0x00000000
                                            0x00000000
                                            0x052029cd
                                            0x052029d0
                                            0x052029d9
                                            0x052029db
                                            0x052029dd
                                            0x05202a7f
                                            0x05202a84
                                            0x05202a87
                                            0x05202a89
                                            0x05245ca1
                                            0x05245ca3
                                            0x00000000
                                            0x05202a8f
                                            0x05202a8f
                                            0x00000000
                                            0x05202a8f
                                            0x00000000
                                            0x052029e3
                                            0x052029e3
                                            0x052029e3
                                            0x00000000
                                            0x052029e3
                                            0x052029dd
                                            0x00000000
                                            0x052029db
                                            0x052029e6
                                            0x052029e9
                                            0x052029eb
                                            0x052029ed
                                            0x052029f3
                                            0x052029f5
                                            0x052029f8
                                            0x052029fa
                                            0x05202a97
                                            0x05202a9a
                                            0x05202a9d
                                            0x05202add
                                            0x00000000
                                            0x05202a9f
                                            0x05202aa2
                                            0x05202aa5
                                            0x05202aa8
                                            0x05202aab
                                            0x05245cab
                                            0x05245caf
                                            0x05245cc5
                                            0x05245cda
                                            0x05245cdc
                                            0x05245cdf
                                            0x05245ce5
                                            0x00000000
                                            0x05245ceb
                                            0x05245ced
                                            0x05245cee
                                            0x00000000
                                            0x05245cee
                                            0x05245cb1
                                            0x05245cb4
                                            0x05245cb9
                                            0x05245cbb
                                            0x00000000
                                            0x05245cbd
                                            0x05245cbd
                                            0x00000000
                                            0x05245cbd
                                            0x05245cbb
                                            0x05202ab1
                                            0x05202ab1
                                            0x05202ac4
                                            0x05202ac6
                                            0x05202ac6
                                            0x00000000
                                            0x05202ac6
                                            0x05202aab
                                            0x00000000
                                            0x05202a00
                                            0x05202a09
                                            0x05202a0e
                                            0x05202a21
                                            0x05202a24
                                            0x05202a35
                                            0x05202a3a
                                            0x05202a3d
                                            0x05202a42
                                            0x05202a59
                                            0x05202a59
                                            0x05202a5c
                                            0x05202a5f
                                            0x05202a5f
                                            0x052029fa
                                            0x052029f3
                                            0x05202a64
                                            0x05202a64
                                            0x05202a6b
                                            0x05202a6b
                                            0x05202a6d
                                            0x05202a72
                                            0x05202a72
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PATH
                                            • API String ID: 0-1036084923
                                            • Opcode ID: a33251fa1131778a89bf4f66cc8292ffab39fb0e354735e842d953b83c683473
                                            • Instruction ID: e328d0778a8ec716be873ae140ace0ea31a4d3646eaedaeab0fbe96fd88cb7e5
                                            • Opcode Fuzzy Hash: a33251fa1131778a89bf4f66cc8292ffab39fb0e354735e842d953b83c683473
                                            • Instruction Fuzzy Hash: 97C1C575E21219DBCB24DF98D889BBEBBB5FF48700F54502AE405FB291D774A841CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520FAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E0520FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E051EEEF0(0x52c7b60);
					_t134 =  *0x52c7b84; // 0x775b7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x52c7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x52c7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E051E6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E051E76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E05278938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E051DB150();
													}
													_t116 = E05276D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E051E75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x52c8638; // 0x0
																	_t122 = L051E38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E051E76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E051E76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0520FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L051E70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0520FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0520FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0520FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0520FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0520FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x52c7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x52c7b84 = _t75;
						_t73 = E051EEB70(_t134, 0x52c7b60);
						if( *0x52c7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E051EFF60( *0x52c7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                            0x0520fab0
                                            0x0520fab2
                                            0x0520fab3
                                            0x0520fab4
                                            0x0520fabc
                                            0x0520fac0
                                            0x0520fb14
                                            0x0520fb17
                                            0x0520fac2
                                            0x0520fac8
                                            0x0520facd
                                            0x0520fad3
                                            0x0520fad3
                                            0x0520fadd
                                            0x0520fb18
                                            0x0520fb1b
                                            0x0520fb1d
                                            0x0520fb1e
                                            0x0520fb1f
                                            0x0520fb20
                                            0x0520fb21
                                            0x0520fb22
                                            0x0520fb23
                                            0x0520fb24
                                            0x0520fb25
                                            0x0520fb26
                                            0x0520fb27
                                            0x0520fb28
                                            0x0520fb29
                                            0x0520fb2a
                                            0x0520fb2b
                                            0x0520fb2c
                                            0x0520fb2d
                                            0x0520fb2e
                                            0x0520fb2f
                                            0x0520fb3a
                                            0x0520fb3b
                                            0x0520fb3e
                                            0x0520fb41
                                            0x0520fb44
                                            0x0520fb47
                                            0x0520fb4a
                                            0x0520fb4d
                                            0x0520fb53
                                            0x0524bdcb
                                            0x0524bdcb
                                            0x0520fb59
                                            0x0520fb5b
                                            0x0520fb5b
                                            0x0520fb5e
                                            0x0524bdd5
                                            0x0524bdd8
                                            0x00000000
                                            0x0524bdda
                                            0x00000000
                                            0x0524bdda
                                            0x0520fb64
                                            0x0520fb64
                                            0x0520fb64
                                            0x0520fb67
                                            0x0520fb6e
                                            0x0520fb70
                                            0x0520fb72
                                            0x00000000
                                            0x0520fb78
                                            0x0520fb7a
                                            0x0520fb7a
                                            0x0520fb7d
                                            0x0520fb80
                                            0x0524bddf
                                            0x0524bde1
                                            0x00000000
                                            0x0524bde3
                                            0x00000000
                                            0x0524bde3
                                            0x0520fb86
                                            0x0520fb86
                                            0x0520fb86
                                            0x0520fb8b
                                            0x0520fb90
                                            0x0520fb92
                                            0x0520fb94
                                            0x0520fb9a
                                            0x0520fb9b
                                            0x0520fba1
                                            0x0524bde8
                                            0x0524bdeb
                                            0x0524bded
                                            0x0524beb5
                                            0x0524beb5
                                            0x0524bebb
                                            0x0524bebd
                                            0x0524bec3
                                            0x0524bed2
                                            0x0524bedd
                                            0x0524bedd
                                            0x0524beed
                                            0x00000000
                                            0x0524bdf3
                                            0x0524bdfe
                                            0x0524be06
                                            0x0524be0b
                                            0x0524be0d
                                            0x0524be0f
                                            0x0524be14
                                            0x0524be19
                                            0x0524be20
                                            0x0524be25
                                            0x0524be27
                                            0x0524be35
                                            0x0524be39
                                            0x0524be46
                                            0x0524be4f
                                            0x0524be54
                                            0x0524be56
                                            0x0524bef8
                                            0x0524bef8
                                            0x00000000
                                            0x0524be5c
                                            0x0524be5c
                                            0x0524be60
                                            0x00000000
                                            0x0524be66
                                            0x0524be66
                                            0x0524be7f
                                            0x0524be84
                                            0x0524be87
                                            0x0524be89
                                            0x0524be8b
                                            0x0524be99
                                            0x0524be9d
                                            0x0524bea0
                                            0x0524beac
                                            0x0524beaf
                                            0x0524beb1
                                            0x0524beb3
                                            0x0524beb3
                                            0x00000000
                                            0x0524bea2
                                            0x0524bea2
                                            0x00000000
                                            0x0524bea2
                                            0x0524be8d
                                            0x0524be8d
                                            0x0524be92
                                            0x00000000
                                            0x0524be92
                                            0x0524be8b
                                            0x0524be60
                                            0x0524be3b
                                            0x0524be3b
                                            0x0524be3e
                                            0x00000000
                                            0x0524be40
                                            0x0524be40
                                            0x0524be44
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0524be44
                                            0x0524be3e
                                            0x0524be29
                                            0x0524be29
                                            0x00000000
                                            0x0524be29
                                            0x0524be27
                                            0x00000000
                                            0x0520fba7
                                            0x0520fba7
                                            0x0520fbab
                                            0x0524bf02
                                            0x0520fbb1
                                            0x0520fbb1
                                            0x0520fbb8
                                            0x0520fbbd
                                            0x0520fbbd
                                            0x0520fbbf
                                            0x0520fbbf
                                            0x0520fbc5
                                            0x0520fbcb
                                            0x0520fbf8
                                            0x0520fbf8
                                            0x0520fbfa
                                            0x00000000
                                            0x0520fc00
                                            0x0520fc00
                                            0x0520fc03
                                            0x00000000
                                            0x0520fc09
                                            0x0520fc09
                                            0x0520fc0f
                                            0x0520fc15
                                            0x0520fc23
                                            0x0520fc23
                                            0x0520fc25
                                            0x0520fc27
                                            0x0520fc75
                                            0x0520fc7c
                                            0x0520fc84
                                            0x00000000
                                            0x0520fc29
                                            0x0520fc29
                                            0x0520fc2d
                                            0x0520fc30
                                            0x0524bf0f
                                            0x00000000
                                            0x0520fc36
                                            0x0520fc38
                                            0x0520fc3b
                                            0x0520fc41
                                            0x0524bf17
                                            0x0524bf19
                                            0x0524bf48
                                            0x0524bf4b
                                            0x00000000
                                            0x0524bf1b
                                            0x0524bf22
                                            0x0524bf24
                                            0x0524bf26
                                            0x00000000
                                            0x0524bf2c
                                            0x0524bf37
                                            0x0524bf39
                                            0x0524bf3b
                                            0x00000000
                                            0x0524bf41
                                            0x0524bf41
                                            0x0524bf41
                                            0x0524bf41
                                            0x0524bf45
                                            0x00000000
                                            0x0524bf45
                                            0x0524bf3b
                                            0x0524bf26
                                            0x00000000
                                            0x0520fc47
                                            0x0520fc47
                                            0x0520fc49
                                            0x0520fcb2
                                            0x0520fcb4
                                            0x0520fcb6
                                            0x0520fcdc
                                            0x0520fcdc
                                            0x00000000
                                            0x0520fcb8
                                            0x0520fcc3
                                            0x0520fcc5
                                            0x0520fcc7
                                            0x00000000
                                            0x0520fcc9
                                            0x0520fcc9
                                            0x0520fccd
                                            0x00000000
                                            0x0520fccd
                                            0x0520fcc7
                                            0x00000000
                                            0x0520fc4b
                                            0x0520fc4b
                                            0x0520fc4e
                                            0x0520fc4e
                                            0x0520fc51
                                            0x0520fc51
                                            0x0520fc54
                                            0x0520fc5a
                                            0x0520fc5c
                                            0x0520fc5f
                                            0x0520fc61
                                            0x0520fc63
                                            0x0520fc65
                                            0x0520fc67
                                            0x0520fc6e
                                            0x0520fc72
                                            0x0520fc72
                                            0x0520fc72
                                            0x0520fc72
                                            0x0520fc67
                                            0x0520fc61
                                            0x00000000
                                            0x0520fc5a
                                            0x0520fc49
                                            0x0520fc41
                                            0x0520fc30
                                            0x0520fc27
                                            0x0520fc03
                                            0x0520fbcd
                                            0x0520fbd3
                                            0x0520fbd9
                                            0x0520fbdc
                                            0x0520fbde
                                            0x0520fc99
                                            0x0520fc9b
                                            0x0520fc9d
                                            0x0520fcd5
                                            0x0520fcd5
                                            0x0520fc89
                                            0x0520fc89
                                            0x00000000
                                            0x0520fc9f
                                            0x0520fc9f
                                            0x0520fca3
                                            0x00000000
                                            0x0520fca3
                                            0x00000000
                                            0x0520fbe4
                                            0x0520fbe4
                                            0x0520fbe4
                                            0x0520fbe4
                                            0x0520fbe9
                                            0x0520fbf2
                                            0x00000000
                                            0x0520fbf2
                                            0x0520fbde
                                            0x0520fbcb
                                            0x0520fbab
                                            0x0520fc8b
                                            0x0520fc8b
                                            0x0520fc8c
                                            0x0520fb80
                                            0x0520fb72
                                            0x0520fb5e
                                            0x0520fc8d
                                            0x0520fc91
                                            0x0520fadf
                                            0x0520fadf
                                            0x0520fae1
                                            0x0520fae4
                                            0x0520fae7
                                            0x0520faec
                                            0x0520faf8
                                            0x0520fb00
                                            0x0520fb07
                                            0x0520fb0f
                                            0x0520fb0f
                                            0x0520fb07
                                            0x00000000
                                            0x0520faf8
                                            0x0520fadd

                                            Strings
                                            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0524BE0F
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                            • API String ID: 0-865735534
                                            • Opcode ID: 35436a222be5fb6b48c1a398902bc3f291227b5043a1005d10923a1132293da8
                                            • Instruction ID: 39ded4b853e1228b9d4e06539b2ba5a864a138e872d02d32fa6b11dd2ba23c86
                                            • Opcode Fuzzy Hash: 35436a222be5fb6b48c1a398902bc3f291227b5043a1005d10923a1132293da8
                                            • Instruction Fuzzy Hash: 64A10332B75606CBDB39DB64C555B7AB7A6BF48720F044569E80ACB6C2DB74D802CF80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051D2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 63%
                                            			E051D2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x52c5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x52c7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E052197C0();
				}
				if( *0x52c79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x52c79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E05201624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E051F7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0526FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E05219520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0520E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0522DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x52c6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x52c6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E05219980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E052195D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E051F7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E051F7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E05257016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0526FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x52c5350;
							if(_t109 != 0x52c5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0526FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E05265720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                            0x051d2d8a
                                            0x051d2d8a
                                            0x051d2d92
                                            0x051d2d96
                                            0x051d2d9e
                                            0x051d2da0
                                            0x051d2da3
                                            0x051d2da5
                                            0x051d2da8
                                            0x051d2dab
                                            0x051d2db2
                                            0x0522f9aa
                                            0x0522f9ab
                                            0x0522f9ae
                                            0x0522f9ae
                                            0x051d2db8
                                            0x051d2dc2
                                            0x0522f9b9
                                            0x0522f9be
                                            0x0522f9bf
                                            0x0522f9bf
                                            0x051d2dcf
                                            0x0522f9c9
                                            0x051d2dd5
                                            0x051d2dd5
                                            0x051d2dd5
                                            0x051d2dde
                                            0x051d2de1
                                            0x051d2e70
                                            0x051d2e72
                                            0x051d2e72
                                            0x051d2de7
                                            0x051d2deb
                                            0x051d2e7c
                                            0x051d2e83
                                            0x051d2e85
                                            0x051d2e8b
                                            0x051d2e8d
                                            0x051d2e92
                                            0x051d2e92
                                            0x051d2e85
                                            0x051d2df1
                                            0x051d2df7
                                            0x051d2df9
                                            0x051d2df9
                                            0x051d2dfc
                                            0x051d2dff
                                            0x051d2e02
                                            0x00000000
                                            0x051d2e05
                                            0x051d2e0c
                                            0x0522f9d9
                                            0x051d2e12
                                            0x051d2e12
                                            0x051d2e12
                                            0x051d2e1a
                                            0x0522f9e3
                                            0x0522f9e9
                                            0x0522f9f0
                                            0x0522f9f6
                                            0x0522f9f8
                                            0x0522f9f8
                                            0x0522f9f0
                                            0x051d2e23
                                            0x0522fa02
                                            0x0522fa03
                                            0x0522fa05
                                            0x0522fa06
                                            0x00000000
                                            0x051d2e29
                                            0x051d2e29
                                            0x051d2e2e
                                            0x051d2e34
                                            0x051d2e3e
                                            0x00000000
                                            0x00000000
                                            0x051d2e44
                                            0x051d2e47
                                            0x051d2e4d
                                            0x00000000
                                            0x00000000
                                            0x051d2e4f
                                            0x051d2e54
                                            0x00000000
                                            0x00000000
                                            0x051d2e5a
                                            0x051d2e5f
                                            0x051d2e9a
                                            0x051d2ea4
                                            0x051d2ea5
                                            0x051d2ea8
                                            0x051d2eaf
                                            0x051d2eb2
                                            0x051d2eb5
                                            0x0522fae9
                                            0x0522faeb
                                            0x0522faed
                                            0x0522faef
                                            0x0522faf7
                                            0x0522faf8
                                            0x0522fafd
                                            0x0522faff
                                            0x0522fb04
                                            0x0522fb04
                                            0x0522faff
                                            0x051d2ec0
                                            0x051d2ec4
                                            0x051d2ec6
                                            0x051d2ec8
                                            0x0522fb14
                                            0x0522fb18
                                            0x0522fb1e
                                            0x0522fb21
                                            0x0522fb21
                                            0x051d2ece
                                            0x051d2ece
                                            0x051d2ece
                                            0x051d2ed7
                                            0x051d2e61
                                            0x051d2e63
                                            0x0522fa6b
                                            0x0522fa71
                                            0x0522fa76
                                            0x0522fa78
                                            0x0522fa8a
                                            0x0522fa7a
                                            0x0522fa83
                                            0x0522fa83
                                            0x0522fa8f
                                            0x0522fa91
                                            0x0522fa97
                                            0x0522fa9d
                                            0x0522faa4
                                            0x0522faaa
                                            0x0522faaf
                                            0x0522fab1
                                            0x0522fac3
                                            0x0522fab3
                                            0x0522fabc
                                            0x0522fabc
                                            0x0522fac8
                                            0x0522facb
                                            0x0522fadf
                                            0x0522fadf
                                            0x0522facb
                                            0x0522faa4
                                            0x0522fa91
                                            0x051d2e6f
                                            0x051d2e6f
                                            0x051d2e5f
                                            0x0522fa13
                                            0x0522fa15
                                            0x0522fa17
                                            0x0522fa1f
                                            0x0522fa21
                                            0x0522fa22
                                            0x0522fa25
                                            0x0522fa28
                                            0x0522fa2f
                                            0x0522fa2f
                                            0x0522fa2a
                                            0x0522fa2a
                                            0x0522fa2a
                                            0x0522fa31
                                            0x0522fa34
                                            0x0522fa36
                                            0x0522fa3c
                                            0x0522fa3e
                                            0x0522fa41
                                            0x0522fa43
                                            0x0522fa45
                                            0x0522fa45
                                            0x0522fa41
                                            0x0522fa3c
                                            0x0522fa4a
                                            0x0522fa4f
                                            0x0522fa51
                                            0x0522fa53
                                            0x0522fa56
                                            0x0522fa5b
                                            0x0522fa5e
                                            0x00000000
                                            0x0522fa5e
                                            0x051d2e23

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RTL: Re-Waiting
                                            • API String ID: 0-316354757
                                            • Opcode ID: f8c240a74ab56d5092fbdc7c037766d3d6daa741cb16615a1a831ce3870f37ff
                                            • Instruction ID: 5a0857eca291c2a443830694323d2ea7b1579e88b1a46d1d94de57494f37162f
                                            • Opcode Fuzzy Hash: f8c240a74ab56d5092fbdc7c037766d3d6daa741cb16615a1a831ce3870f37ff
                                            • Instruction Fuzzy Hash: AC615339B14655AFDB31DB28C985B7EB7B2FF44310F1406A9E8369B2C1C774A980C7A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A0EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E052A0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0529FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E052A1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E05219730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0529A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0529A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x52c8b04 >> 0x14) + (_v44 -  *0x52c8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E051F7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0529138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E051F7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0528FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x52c8724 & 0x00000008) != 0) {
						E052952F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E052A15B5(0x52c8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                            0x052a0eb7
                                            0x052a0eb9
                                            0x052a0ec0
                                            0x052a0ec2
                                            0x052a0ecd
                                            0x052a105b
                                            0x052a105b
                                            0x052a1061
                                            0x052a1066
                                            0x052a1066
                                            0x052a106b
                                            0x052a1073
                                            0x052a1073
                                            0x052a0ed3
                                            0x052a0ed6
                                            0x052a0edc
                                            0x052a0ee0
                                            0x052a0ee7
                                            0x052a0ef0
                                            0x052a0ef5
                                            0x052a0efa
                                            0x052a0efc
                                            0x052a0efd
                                            0x052a0f03
                                            0x052a0f04
                                            0x052a0f06
                                            0x052a0f07
                                            0x052a0f09
                                            0x052a0f0e
                                            0x052a0f14
                                            0x052a0f23
                                            0x052a0f2d
                                            0x052a0f34
                                            0x052a0f34
                                            0x052a0f14
                                            0x052a0f52
                                            0x00000000
                                            0x00000000
                                            0x052a0f58
                                            0x052a0f73
                                            0x052a0f74
                                            0x052a0f79
                                            0x052a0f7d
                                            0x052a0f80
                                            0x052a0f86
                                            0x052a0fab
                                            0x052a0fb5
                                            0x052a0fc6
                                            0x052a0fd1
                                            0x052a0fe3
                                            0x052a0fd3
                                            0x052a0fdc
                                            0x052a0fdc
                                            0x052a0feb
                                            0x052a1009
                                            0x052a1009
                                            0x052a1015
                                            0x052a1027
                                            0x052a1017
                                            0x052a1020
                                            0x052a1020
                                            0x052a102f
                                            0x052a103c
                                            0x052a103c
                                            0x052a1048
                                            0x052a1050
                                            0x052a1050
                                            0x052a1055
                                            0x00000000
                                            0x052a1055
                                            0x052a0f88
                                            0x052a0f9e
                                            0x052a0fa2
                                            0x052a0fa9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052a0fa9
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: `
                                            • API String ID: 0-2679148245
                                            • Opcode ID: 3acb41159e38bfedcfaea39a2c056d9a88562cb0231c4fa9042c50c872059c8e
                                            • Instruction ID: 6f9cd3eb0bf83ac17d1147c0ac3228e5d8fd7b2706cdba0bfa8d573ea0fad84f
                                            • Opcode Fuzzy Hash: 3acb41159e38bfedcfaea39a2c056d9a88562cb0231c4fa9042c50c872059c8e
                                            • Instruction Fuzzy Hash: AB518B722283429BD725DF28D988B2BB7E5FF84314F04492CF99697291DB70E905CB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520F0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E0520F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E051F4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E05219830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E05219990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E052195D0();
							goto L11;
						} else {
							_t109 = L051F4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0521F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E052195D0();
										L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                            0x0520f0d3
                                            0x0520f0d9
                                            0x0520f0e0
                                            0x0520f0e7
                                            0x0520f0f2
                                            0x0520f0f4
                                            0x0520f0f8
                                            0x0520f100
                                            0x0520f108
                                            0x0520f10d
                                            0x0520f115
                                            0x0520f116
                                            0x0520f11f
                                            0x0520f123
                                            0x0520f124
                                            0x0520f12c
                                            0x0520f130
                                            0x0520f134
                                            0x0520f13d
                                            0x0520f144
                                            0x0520f14b
                                            0x0520f152
                                            0x0524bab0
                                            0x0524bab0
                                            0x0520f158
                                            0x0520f158
                                            0x0520f15a
                                            0x0520f160
                                            0x0520f165
                                            0x0520f166
                                            0x0520f16f
                                            0x0520f173
                                            0x0524baa7
                                            0x0524baa7
                                            0x0524baab
                                            0x00000000
                                            0x0520f179
                                            0x0520f18d
                                            0x0520f191
                                            0x0524baa2
                                            0x00000000
                                            0x0520f197
                                            0x0520f19b
                                            0x0520f1a2
                                            0x0520f1a9
                                            0x0520f1af
                                            0x0520f1b2
                                            0x0520f1b6
                                            0x0520f1b9
                                            0x0520f1c4
                                            0x0520f1d8
                                            0x0520f1df
                                            0x0520f1e3
                                            0x0520f1eb
                                            0x0520f1ee
                                            0x0520f1f4
                                            0x0520f20f
                                            0x0524bab7
                                            0x0524babb
                                            0x0524bacc
                                            0x0524bad1
                                            0x0520f215
                                            0x0520f218
                                            0x0520f226
                                            0x0520f22b
                                            0x00000000
                                            0x0520f22b
                                            0x0520f1f6
                                            0x0520f1f6
                                            0x0520f1f9
                                            0x0520f1fb
                                            0x0520f1fb
                                            0x0520f1f4
                                            0x0520f191
                                            0x0520f173
                                            0x0520f152
                                            0x0520f203

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                            • Instruction ID: 57d713907c73f341cc3dcd3eb5969abc84848ffad697f5d087779dd8cf5b8e9c
                                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                            • Instruction Fuzzy Hash: D651AC71214710AFC321DF28C840A6BBBF8FF48710F008A2EFA9597691E7B4E944CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05253540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E05253540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x52cd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E05210BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E05253706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0521FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E05253540;
						E0521FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0522DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E05260C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E052197C0();
					}
					return E0521B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E05253971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E05253884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0521FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E05219650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E05253787(_a4,  &_v352, _t80);
						}
					}
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E052195D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                            0x05253552
                                            0x0525355a
                                            0x0525355d
                                            0x05253566
                                            0x05253567
                                            0x0525357e
                                            0x0525358f
                                            0x052535a1
                                            0x052535a5
                                            0x0525366b
                                            0x0525366b
                                            0x0525366d
                                            0x05253672
                                            0x05253679
                                            0x05253685
                                            0x0525368d
                                            0x0525369d
                                            0x052536a7
                                            0x052536b8
                                            0x052536c6
                                            0x052536c7
                                            0x052536dc
                                            0x052536e1
                                            0x052536e7
                                            0x052536e9
                                            0x052536e9
                                            0x05253703
                                            0x05253703
                                            0x052535b5
                                            0x052535c0
                                            0x052535c4
                                            0x00000000
                                            0x00000000
                                            0x052535ca
                                            0x052535d7
                                            0x052535e2
                                            0x052535e6
                                            0x052535e8
                                            0x052535f5
                                            0x052535fa
                                            0x05253603
                                            0x05253604
                                            0x05253609
                                            0x0525360a
                                            0x05253612
                                            0x05253613
                                            0x0525361e
                                            0x05253622
                                            0x05253628
                                            0x0525362f
                                            0x0525362f
                                            0x05253636
                                            0x05253638
                                            0x0525363b
                                            0x05253642
                                            0x05253642
                                            0x05253636
                                            0x05253657
                                            0x05253657
                                            0x0525365c
                                            0x05253662
                                            0x05253669
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: BinaryHash
                                            • API String ID: 0-2202222882
                                            • Opcode ID: d508629be8d803797df5343b895db36387c4c1994d497f21c4d31302e11e7a6f
                                            • Instruction ID: f0e3760a88b71355f7697436a814340fa6b9afe15d5c38a770397e5b05104383
                                            • Opcode Fuzzy Hash: d508629be8d803797df5343b895db36387c4c1994d497f21c4d31302e11e7a6f
                                            • Instruction Fuzzy Hash: B44125F2D1052D9BDB21DE50CC84FEEB77CAF54764F0045A5EA19A7240DB309E898FA8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A05AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 71%
                                            			E052A05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E052A07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E05219730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0529A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0529A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E052A1293(_t79, _v40, E052A07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E051F7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0529138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                            0x052a05c5
                                            0x052a05ca
                                            0x052a05d3
                                            0x052a06db
                                            0x052a06db
                                            0x052a06dd
                                            0x052a06e3
                                            0x052a06e3
                                            0x052a05dd
                                            0x052a05e7
                                            0x052a05f6
                                            0x052a0600
                                            0x052a0607
                                            0x052a0610
                                            0x052a0615
                                            0x052a061a
                                            0x052a061c
                                            0x052a061e
                                            0x052a0624
                                            0x052a0625
                                            0x052a0627
                                            0x052a0628
                                            0x052a0631
                                            0x052a0640
                                            0x052a064d
                                            0x052a0654
                                            0x052a0654
                                            0x052a0631
                                            0x052a066d
                                            0x052a0674
                                            0x00000000
                                            0x00000000
                                            0x052a0692
                                            0x052a069e
                                            0x052a06b0
                                            0x052a06a0
                                            0x052a06a9
                                            0x052a06a9
                                            0x052a06b8
                                            0x052a06d6
                                            0x052a06d6
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: `
                                            • API String ID: 0-2679148245
                                            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                            • Instruction ID: 433e847c3e8a407cb4f06fa231b714a489b3efb60080720f7a92576be81fa1fa
                                            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                            • Instruction Fuzzy Hash: 7931FF327143066BE720DE26CD88F9B7799BFC4B58F044228BA499B280D770E914CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05253884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E05253884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E05219650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L051F4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E05219650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                            0x05253893
                                            0x05253896
                                            0x05253899
                                            0x0525389f
                                            0x052538a0
                                            0x052538a4
                                            0x052538a9
                                            0x052538ac
                                            0x052538ad
                                            0x052538ae
                                            0x052538af
                                            0x052538b1
                                            0x052538b4
                                            0x052538bb
                                            0x052538bc
                                            0x052538bd
                                            0x052538c4
                                            0x052538c8
                                            0x052538ca
                                            0x052538ca
                                            0x052538d5
                                            0x0525393e
                                            0x05253940
                                            0x05253942
                                            0x05253952
                                            0x05253954
                                            0x05253961
                                            0x05253961
                                            0x05253967
                                            0x0525396e
                                            0x0525396e
                                            0x05253947
                                            0x0525394c
                                            0x00000000
                                            0x0525394c
                                            0x052538ea
                                            0x052538ee
                                            0x052538f8
                                            0x052538f9
                                            0x052538ff
                                            0x05253900
                                            0x05253902
                                            0x05253903
                                            0x0525390b
                                            0x0525390f
                                            0x05253950
                                            0x00000000
                                            0x05253950
                                            0x05253915
                                            0x0525391d
                                            0x0525391d
                                            0x05253922
                                            0x05253926
                                            0x00000000
                                            0x05253928
                                            0x0525392b
                                            0x0525392b
                                            0x05253935
                                            0x05253937
                                            0x05253937
                                            0x00000000
                                            0x05253935
                                            0x05253926
                                            0x052538f0
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: BinaryName
                                            • API String ID: 0-215506332
                                            • Opcode ID: 7ccf1ba6a22d10b90f57bdcf9dba79d0e3530d8cf2a148d38f1bc5e405d4911e
                                            • Instruction ID: 87674f415e0175aaf3ca568098b12440d1d79a11a73bab22406b70032a48f659
                                            • Opcode Fuzzy Hash: 7ccf1ba6a22d10b90f57bdcf9dba79d0e3530d8cf2a148d38f1bc5e405d4911e
                                            • Instruction Fuzzy Hash: C23105B291450AAFEB15DE58C985D7BF775FF90770F014529ED09A7240D7309E00C7A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520D294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 33%
                                            			E0520D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x52cd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E051F4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0521B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E052198D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E052195D0();
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                            0x0520d29c
                                            0x0520d2a6
                                            0x0520d2b1
                                            0x0520d2b5
                                            0x0520d2b6
                                            0x0520d2bc
                                            0x0520d2bd
                                            0x0520d2be
                                            0x0520d2bf
                                            0x0520d2c2
                                            0x0520d2c4
                                            0x0520d2cc
                                            0x0520d384
                                            0x0520d34b
                                            0x0520d34f
                                            0x0520d350
                                            0x0520d351
                                            0x0520d35c
                                            0x0520d35c
                                            0x0520d2d6
                                            0x0520d2da
                                            0x0520d2e1
                                            0x0520d361
                                            0x0520d369
                                            0x0520d36d
                                            0x0520d2e3
                                            0x0520d2e3
                                            0x0520d2e3
                                            0x0520d2e5
                                            0x0520d2ed
                                            0x0520d2f5
                                            0x0520d2fa
                                            0x0520d302
                                            0x0520d303
                                            0x0520d30b
                                            0x0520d30f
                                            0x0520d313
                                            0x0520d318
                                            0x0520d31c
                                            0x0520d320
                                            0x0520d379
                                            0x0520d37d
                                            0x00000000
                                            0x00000000
                                            0x0524affe
                                            0x0524b001
                                            0x0524b011
                                            0x00000000
                                            0x0520d322
                                            0x0520d322
                                            0x0520d330
                                            0x0520d337
                                            0x0520d35d
                                            0x0520d339
                                            0x0520d33f
                                            0x0520d38c
                                            0x0520d38c
                                            0x0520d33f
                                            0x0520d349
                                            0x00000000
                                            0x0520d349

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            • Opcode ID: 7a64daf1f5ee44660c21268981e7892981f0192d7fc99c58751310f890d5264d
                                            • Instruction ID: a47dd46fef438aebb619feb8fdcb2e14708251f18ac7c47ae5523a592c4a368f
                                            • Opcode Fuzzy Hash: 7a64daf1f5ee44660c21268981e7892981f0192d7fc99c58751310f890d5264d
                                            • Instruction Fuzzy Hash: E531E2B166A3019FC315DF68C884A6BBBE9FF85654F00192EF98583291D734ED05CF92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051E1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E051E1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0521BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0521A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0521A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L051F4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                            0x051e1b8f
                                            0x051e1b9a
                                            0x051e1b9c
                                            0x051e1b9e
                                            0x051e1ba3
                                            0x05237010
                                            0x05237010
                                            0x00000000
                                            0x051e1ba9
                                            0x051e1ba9
                                            0x051e1bae
                                            0x00000000
                                            0x051e1bc5
                                            0x051e1bca
                                            0x051e1bcf
                                            0x051e1bd0
                                            0x051e1bd1
                                            0x051e1bd2
                                            0x051e1bd6
                                            0x051e1bdc
                                            0x051e1be0
                                            0x05236ffc
                                            0x05237000
                                            0x00000000
                                            0x05237006
                                            0x05237009
                                            0x05237009
                                            0x051e1be6
                                            0x051e1bec
                                            0x051e1c0b
                                            0x051e1c0b
                                            0x051e1c0c
                                            0x051e1c11
                                            0x051e1c12
                                            0x051e1c15
                                            0x051e1c1b
                                            0x051e1c1f
                                            0x051e1c31
                                            0x051e1c33
                                            0x05237026
                                            0x05237026
                                            0x051e1c21
                                            0x051e1c24
                                            0x051e1c24
                                            0x051e1bee
                                            0x051e1bee
                                            0x051e1bf2
                                            0x051e1c3a
                                            0x051e1bf4
                                            0x051e1bf4
                                            0x051e1c05
                                            0x051e1c05
                                            0x051e1c09
                                            0x051e1c3e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051e1c09
                                            0x051e1bec
                                            0x051e1be0
                                            0x051e1bae
                                            0x051e1c2e

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: WindowsExcludedProcs
                                            • API String ID: 0-3583428290
                                            • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                            • Instruction ID: c2d3b9da923b4503696d58475ed3f71f566719ae1116eb51265d7d8d1927aa7f
                                            • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                            • Instruction Fuzzy Hash: 9A21D6B6641A18BBCF31DA558984FAF77ADFF41A50F064865AD09EB200D730DA01C7A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051FF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051FF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                            0x051ff71d
                                            0x051ff722
                                            0x051ff726
                                            0x05244770
                                            0x051ff765
                                            0x051ff769
                                            0x051ff769
                                            0x051ff732
                                            0x0524477a
                                            0x00000000
                                            0x0524477a
                                            0x051ff738
                                            0x051ff73a
                                            0x051ff73c
                                            0x051ff73f
                                            0x051ff746
                                            0x051ff778
                                            0x051ff7a9
                                            0x051ff7a9
                                            0x051ff754
                                            0x051ff75a
                                            0x051ff75d
                                            0x051ff75f
                                            0x051ff761
                                            0x051ff76f
                                            0x051ff771
                                            0x051ff771
                                            0x051ff76f
                                            0x051ff763
                                            0x00000000
                                            0x051ff763
                                            0x051ff77d
                                            0x051ff7a3
                                            0x051ff7a5
                                            0x00000000
                                            0x051ff7a5
                                            0x051ff77f
                                            0x051ff782
                                            0x051ff784
                                            0x051ff786
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051ff788
                                            0x051ff748
                                            0x051ff74d
                                            0x051ff78d
                                            0x051ff793
                                            0x051ff7b7
                                            0x051ff7bc
                                            0x00000000
                                            0x051ff7bc
                                            0x051ff798
                                            0x00000000
                                            0x00000000
                                            0x051ff79d
                                            0x051ff7b0
                                            0x00000000
                                            0x051ff7b0
                                            0x051ff79f
                                            0x00000000
                                            0x051ff74f
                                            0x051ff74f
                                            0x00000000
                                            0x051ff74f

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Actx
                                            • API String ID: 0-89312691
                                            • Opcode ID: 6d9e0c54e338e31e375c0961d015a0df920ef0d65e747f51efba4a1f6dac0e41
                                            • Instruction ID: 8bb3304dd5b2dbc4537a7a94d7903360af996b543afadff3dcb82393d29189de
                                            • Opcode Fuzzy Hash: 6d9e0c54e338e31e375c0961d015a0df920ef0d65e747f51efba4a1f6dac0e41
                                            • Instruction Fuzzy Hash: 5311E9753086428BEB38AE1D8494736F297BB85614F2A472AD666DB390DBF0D8038740
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05288DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 71%
                                            			E05288DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x52b0d50);
				E0522D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E05265720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0522DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0522DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0522D130(_t34, _t39, _t40);
			}





                                            0x05288df1
                                            0x05288df1
                                            0x05288df1
                                            0x05288df1
                                            0x05288df1
                                            0x05288df1
                                            0x05288df3
                                            0x05288df8
                                            0x05288dfd
                                            0x05288e00
                                            0x05288e0e
                                            0x05288e2a
                                            0x05288e36
                                            0x05288e38
                                            0x05288e3c
                                            0x05288e46
                                            0x05288e46
                                            0x05288e36
                                            0x05288e50
                                            0x05288e56
                                            0x05288e59
                                            0x05288e5c
                                            0x05288e60
                                            0x05288e67
                                            0x05288e6d
                                            0x05288e73
                                            0x05288e74
                                            0x05288eb1
                                            0x05288ebd

                                            Strings
                                            • Critical error detected %lx, xrefs: 05288E21
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Critical error detected %lx
                                            • API String ID: 0-802127002
                                            • Opcode ID: 3837cfb86b8adc2f7944cdc742e327382266ff748e4d6a4bdbdbaff02820a948
                                            • Instruction ID: c9900560b69e117b891b305323df1bd33d1739aafc05481f1ee5bdc5c86d9b99
                                            • Opcode Fuzzy Hash: 3837cfb86b8adc2f7944cdc742e327382266ff748e4d6a4bdbdbaff02820a948
                                            • Instruction Fuzzy Hash: F7117975E25348EADF25DFA485097ACBBB1BF04310F60865DE069AB2C2C3704602CF14
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0526FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                            Download Yara Rule
                                            Strings
                                            • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0526FF60
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                            • API String ID: 0-1911121157
                                            • Opcode ID: 85dd92e3a672b35c6720e44a5df68f60f44b17bdfe9a3a56e5ae181d6aeb65a9
                                            • Instruction ID: 29b27eb2690c4d8f26fe6ec08dcc971961aa3bb4fcce8d72c5b434157a7f1d79
                                            • Opcode Fuzzy Hash: 85dd92e3a672b35c6720e44a5df68f60f44b17bdfe9a3a56e5ae181d6aeb65a9
                                            • Instruction Fuzzy Hash: 8311C075A70285EFDF12DB50DA8DFA8BBB1FF08704F548054F1096B6A2CB799A80DB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A5BA5 Relevance: .6, Instructions: 592COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E052A5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x52b1178);
				E0522D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E052A4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0521D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E052A5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x52c60e8;
								if( *0x52c60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x52c60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E05219710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E05216DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0521F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0521F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0521F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0521FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0521FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0521F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0521F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E052A4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0522D130(_t427, _t494, _t511);
				}
			}










































































                                            0x052a5ba5
                                            0x052a5baa
                                            0x052a5baf
                                            0x052a5bb4
                                            0x052a5bb6
                                            0x052a5bbc
                                            0x052a5bbe
                                            0x052a5bc4
                                            0x052a5bcd
                                            0x052a5bd3
                                            0x052a5bd6
                                            0x052a5bdc
                                            0x052a5be0
                                            0x052a5be3
                                            0x052a5beb
                                            0x052a5bf2
                                            0x052a5bf8
                                            0x052a5bfe
                                            0x052a5c04
                                            0x052a5c0e
                                            0x052a5c18
                                            0x052a5c1f
                                            0x052a5c25
                                            0x052a5c2a
                                            0x052a5c2c
                                            0x052a5c32
                                            0x052a5c3a
                                            0x052a5c3f
                                            0x052a5c42
                                            0x052a5c48
                                            0x052a5c5b
                                            0x052a5c5b
                                            0x052a5c2c
                                            0x052a5cb7
                                            0x052a5cb9
                                            0x052a5cbf
                                            0x052a5cc2
                                            0x052a5cca
                                            0x052a5ccb
                                            0x052a5ccb
                                            0x052a5cd1
                                            0x052a5cd7
                                            0x052a5cda
                                            0x052a5ce1
                                            0x052a5ce4
                                            0x052a5ce7
                                            0x052a5ced
                                            0x052a5cf3
                                            0x052a5cf9
                                            0x052a5cff
                                            0x052a5d08
                                            0x052a5d0a
                                            0x052a5d0e
                                            0x052a5d10
                                            0x00000000
                                            0x00000000
                                            0x052a5d16
                                            0x052a5d1a
                                            0x00000000
                                            0x00000000
                                            0x052a5d20
                                            0x052a5d22
                                            0x052a5d25
                                            0x052a5d2f
                                            0x052a5d2f
                                            0x052a5d33
                                            0x052a5d3d
                                            0x052a5d49
                                            0x052a5d4b
                                            0x00000000
                                            0x00000000
                                            0x052a5d5a
                                            0x052a5d5d
                                            0x052a5d60
                                            0x00000000
                                            0x00000000
                                            0x052a5d66
                                            0x052a5d69
                                            0x00000000
                                            0x00000000
                                            0x052a5d6f
                                            0x052a5d6f
                                            0x052a5d73
                                            0x052a5d79
                                            0x052a5d7f
                                            0x052a5d86
                                            0x052a5d95
                                            0x052a5d98
                                            0x052a5dba
                                            0x052a5dcb
                                            0x052a5dce
                                            0x052a5dd3
                                            0x052a5dd6
                                            0x052a5dd8
                                            0x052a5de6
                                            0x052a5dec
                                            0x052a5dee
                                            0x052a5df1
                                            0x052a5df3
                                            0x052a635a
                                            0x052a635a
                                            0x00000000
                                            0x052a635a
                                            0x052a5dfe
                                            0x052a5e02
                                            0x052a5e05
                                            0x052a5e07
                                            0x052a5e10
                                            0x052a5e13
                                            0x052a5e1b
                                            0x052a5e1c
                                            0x052a5e21
                                            0x052a5e22
                                            0x052a5e23
                                            0x052a5e25
                                            0x052a5e2a
                                            0x052a5e2c
                                            0x052a5e2e
                                            0x052a5e36
                                            0x052a5e39
                                            0x052a5e42
                                            0x052a5e47
                                            0x052a5e4d
                                            0x052a5e54
                                            0x052a5e54
                                            0x052a5e54
                                            0x052a5e2e
                                            0x052a5e5c
                                            0x052a5e5f
                                            0x052a5e62
                                            0x052a5e64
                                            0x052a5e6b
                                            0x052a5e70
                                            0x052a5e7a
                                            0x052a5e7a
                                            0x052a5e7a
                                            0x052a5e6b
                                            0x052a5e7e
                                            0x052a5e7f
                                            0x052a5e7f
                                            0x052a5e81
                                            0x052a5e87
                                            0x052a5e8b
                                            0x052a5e8c
                                            0x052a5e8c
                                            0x052a5e8c
                                            0x052a5e9a
                                            0x052a5e9c
                                            0x052a5ea2
                                            0x052a5ea6
                                            0x052a5f50
                                            0x052a5f50
                                            0x052a5f57
                                            0x052a5f66
                                            0x052a5f66
                                            0x052a5f66
                                            0x052a5f68
                                            0x052a5f6a
                                            0x052a63d0
                                            0x00000000
                                            0x052a5f70
                                            0x052a5f70
                                            0x052a5f91
                                            0x052a5f9c
                                            0x052a5f9e
                                            0x052a5fa4
                                            0x052a5fa6
                                            0x052a638c
                                            0x052a6392
                                            0x052a63a1
                                            0x052a63a7
                                            0x052a63af
                                            0x052a63af
                                            0x052a63bd
                                            0x052a63d8
                                            0x00000000
                                            0x052a63d8
                                            0x052a5fac
                                            0x052a5fb2
                                            0x052a5fb4
                                            0x052a5fbd
                                            0x052a5fc6
                                            0x052a5fce
                                            0x052a5fd4
                                            0x052a5fdc
                                            0x052a5fec
                                            0x052a5fed
                                            0x052a5fee
                                            0x052a5fef
                                            0x052a5ff9
                                            0x052a5ffa
                                            0x052a5ffb
                                            0x052a5ffc
                                            0x052a6000
                                            0x052a6004
                                            0x052a6012
                                            0x052a6012
                                            0x052a6018
                                            0x052a6019
                                            0x052a601a
                                            0x052a601b
                                            0x052a601c
                                            0x052a6020
                                            0x052a6059
                                            0x052a605c
                                            0x052a6061
                                            0x052a6061
                                            0x052a6022
                                            0x052a6022
                                            0x052a6022
                                            0x052a6025
                                            0x052a602a
                                            0x052a602b
                                            0x052a6031
                                            0x052a6037
                                            0x052a6038
                                            0x052a603e
                                            0x052a6048
                                            0x052a6049
                                            0x052a604a
                                            0x052a604b
                                            0x052a604c
                                            0x052a604d
                                            0x052a6053
                                            0x052a6054
                                            0x052a6054
                                            0x052a6062
                                            0x052a6065
                                            0x052a6067
                                            0x052a606a
                                            0x052a6070
                                            0x052a6075
                                            0x052a6076
                                            0x052a6081
                                            0x052a6087
                                            0x052a6095
                                            0x052a6099
                                            0x052a609e
                                            0x052a60a4
                                            0x052a60ae
                                            0x052a60b0
                                            0x052a60b3
                                            0x052a60b6
                                            0x052a60b8
                                            0x052a60ba
                                            0x052a60ba
                                            0x052a60ba
                                            0x052a60ba
                                            0x052a60be
                                            0x052a60c0
                                            0x052a60c5
                                            0x052a60c5
                                            0x052a60c5
                                            0x052a60c6
                                            0x052a60cd
                                            0x052a6114
                                            0x052a60cf
                                            0x052a60cf
                                            0x052a60d4
                                            0x052a60d5
                                            0x052a60da
                                            0x052a60db
                                            0x052a60e1
                                            0x052a60e2
                                            0x052a60e8
                                            0x052a60f8
                                            0x052a60fd
                                            0x052a60fe
                                            0x052a6102
                                            0x052a6104
                                            0x052a6107
                                            0x052a6109
                                            0x052a610b
                                            0x052a610b
                                            0x052a610b
                                            0x052a610b
                                            0x052a610f
                                            0x052a610f
                                            0x052a6117
                                            0x052a611a
                                            0x052a611f
                                            0x052a6125
                                            0x052a6134
                                            0x052a6139
                                            0x052a613f
                                            0x052a6146
                                            0x052a6148
                                            0x052a614b
                                            0x052a614d
                                            0x052a614f
                                            0x052a614f
                                            0x052a614f
                                            0x052a614f
                                            0x052a6153
                                            0x052a6159
                                            0x052a6159
                                            0x052a615c
                                            0x052a6163
                                            0x052a6169
                                            0x052a616c
                                            0x052a6172
                                            0x052a6181
                                            0x052a6186
                                            0x052a6187
                                            0x052a618b
                                            0x052a6191
                                            0x052a6195
                                            0x052a61a3
                                            0x052a61bb
                                            0x052a61c0
                                            0x052a61c3
                                            0x052a61cc
                                            0x052a61d0
                                            0x052a61dc
                                            0x052a61de
                                            0x052a61e1
                                            0x052a61e4
                                            0x052a61e6
                                            0x052a61e8
                                            0x052a61e8
                                            0x052a61e8
                                            0x052a61e8
                                            0x052a61e6
                                            0x052a61ec
                                            0x052a61f3
                                            0x052a6203
                                            0x052a6209
                                            0x052a620a
                                            0x052a6216
                                            0x052a621d
                                            0x052a6227
                                            0x052a6241
                                            0x052a6246
                                            0x052a624c
                                            0x052a6257
                                            0x052a6259
                                            0x052a625c
                                            0x052a625e
                                            0x052a6260
                                            0x052a6260
                                            0x052a6260
                                            0x052a6260
                                            0x052a625e
                                            0x052a6264
                                            0x052a6267
                                            0x052a6269
                                            0x052a6315
                                            0x052a6315
                                            0x052a631b
                                            0x052a631e
                                            0x052a6324
                                            0x052a6327
                                            0x052a632f
                                            0x052a6330
                                            0x052a6333
                                            0x052a633a
                                            0x052a633c
                                            0x052a6335
                                            0x052a6335
                                            0x052a6335
                                            0x052a633f
                                            0x052a6342
                                            0x052a634c
                                            0x052a6352
                                            0x052a6355
                                            0x052a6355
                                            0x052a6359
                                            0x00000000
                                            0x052a626f
                                            0x052a6275
                                            0x052a6275
                                            0x052a6278
                                            0x052a627e
                                            0x052a627e
                                            0x052a6281
                                            0x052a6287
                                            0x052a628d
                                            0x052a6298
                                            0x052a629c
                                            0x052a62a2
                                            0x052a629e
                                            0x052a629e
                                            0x052a629e
                                            0x052a62a7
                                            0x052a62a7
                                            0x052a62aa
                                            0x052a62b0
                                            0x052a62f0
                                            0x052a62f0
                                            0x052a62f2
                                            0x052a62f8
                                            0x052a62fd
                                            0x052a62b2
                                            0x052a62b2
                                            0x052a62b2
                                            0x052a62b5
                                            0x052a62dd
                                            0x052a62e2
                                            0x052a62e5
                                            0x052a62b7
                                            0x052a62b8
                                            0x052a62bb
                                            0x052a62bd
                                            0x052a62c0
                                            0x052a62c4
                                            0x052a62cd
                                            0x052a62cd
                                            0x052a62c0
                                            0x052a62bb
                                            0x052a62b5
                                            0x052a6302
                                            0x052a6303
                                            0x052a6305
                                            0x052a6305
                                            0x052a6305
                                            0x052a630c
                                            0x052a630c
                                            0x00000000
                                            0x052a627e
                                            0x052a6269
                                            0x052a5eac
                                            0x052a5ebb
                                            0x052a5ebe
                                            0x052a5ecb
                                            0x052a5ecb
                                            0x052a5ece
                                            0x052a5ece
                                            0x052a5ed4
                                            0x052a5ed7
                                            0x052a5ed9
                                            0x052a5edb
                                            0x052a5edb
                                            0x052a5ee1
                                            0x052a5ee1
                                            0x052a5ee3
                                            0x052a5f20
                                            0x052a5f20
                                            0x052a5ee5
                                            0x052a5ee5
                                            0x052a5ee5
                                            0x052a5ee8
                                            0x052a5f11
                                            0x052a5f18
                                            0x052a5eea
                                            0x052a5eea
                                            0x052a5eed
                                            0x052a5ef2
                                            0x052a5ef8
                                            0x052a5efb
                                            0x052a5f0a
                                            0x052a5f0a
                                            0x052a5eed
                                            0x052a5ee8
                                            0x052a5f22
                                            0x052a5f28
                                            0x00000000
                                            0x00000000
                                            0x052a5f30
                                            0x052a5f31
                                            0x052a5f37
                                            0x052a5f3a
                                            0x052a5f3d
                                            0x052a5f44
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052a5f46
                                            0x052a5f48
                                            0x052a5f4d
                                            0x00000000
                                            0x052a5f4d
                                            0x052a5dda
                                            0x052a5ddf
                                            0x00000000
                                            0x052a5ddf
                                            0x052a5dd8
                                            0x052a5da7
                                            0x052a5da9
                                            0x052a5dac
                                            0x052a5dae
                                            0x00000000
                                            0x052a5db4
                                            0x052a5db4
                                            0x00000000
                                            0x052a5db4
                                            0x052a5dae
                                            0x052a5d88
                                            0x052a5d8d
                                            0x052a6363
                                            0x052a6369
                                            0x052a636a
                                            0x052a6370
                                            0x052a6372
                                            0x052a637a
                                            0x052a637b
                                            0x052a637d
                                            0x00000000
                                            0x00000000
                                            0x052a637f
                                            0x052a6385
                                            0x00000000
                                            0x052a6385
                                            0x052a5d38
                                            0x052a5d3b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052a5d3b
                                            0x052a5d27
                                            0x052a5d29
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052a6360
                                            0x00000000
                                            0x052a6360
                                            0x052a5c10
                                            0x052a5c10
                                            0x052a63da
                                            0x052a63e5
                                            0x052a63e5

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1b3ace8cc68923832de2ab313d69bb8d68fa216909ea1a9b56d98f75427609cd
                                            • Instruction ID: fdd44f65b24cc3e1d6a9a6126f8051813eac74083afa4ce024c939d63f4492b2
                                            • Opcode Fuzzy Hash: 1b3ace8cc68923832de2ab313d69bb8d68fa216909ea1a9b56d98f75427609cd
                                            • Instruction Fuzzy Hash: BD426076E2025ACFDB24CF68C840BAAB7B1FF45704F1481AAD94DEB242D774A985CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051F4120 Relevance: .4, Instructions: 444COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E051F4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x52cd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0520F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E051F6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L051F4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E051F6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M051F45F8))) {
												case 0:
													_v568 = 0x51b1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x51b11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L051F4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0521F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0521F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E051D52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E051EEB70(1, 0x52c79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E051EAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E052195D0();
																			L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0521B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E05213D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0521B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                            0x051f4128
                                            0x051f4135
                                            0x051f413c
                                            0x051f4141
                                            0x051f4145
                                            0x051f4147
                                            0x051f414e
                                            0x051f4151
                                            0x051f4159
                                            0x051f415c
                                            0x051f4160
                                            0x051f4164
                                            0x051f4168
                                            0x051f416c
                                            0x051f417f
                                            0x051f4181
                                            0x051f446a
                                            0x051f446a
                                            0x051f418c
                                            0x051f4195
                                            0x051f4199
                                            0x051f4432
                                            0x051f4439
                                            0x051f443d
                                            0x051f4442
                                            0x051f4447
                                            0x00000000
                                            0x051f419f
                                            0x051f41a3
                                            0x051f41b1
                                            0x051f41b9
                                            0x051f41bd
                                            0x051f45db
                                            0x051f45db
                                            0x00000000
                                            0x051f41c3
                                            0x051f41c3
                                            0x051f41ce
                                            0x051f41d4
                                            0x0523e138
                                            0x0523e13e
                                            0x0523e169
                                            0x0523e16d
                                            0x0523e19e
                                            0x0523e16f
                                            0x0523e16f
                                            0x0523e175
                                            0x0523e179
                                            0x0523e18f
                                            0x0523e193
                                            0x00000000
                                            0x0523e199
                                            0x00000000
                                            0x0523e199
                                            0x0523e193
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051f41da
                                            0x051f41da
                                            0x051f41df
                                            0x051f41e4
                                            0x051f41ec
                                            0x051f4203
                                            0x051f4207
                                            0x0523e1fd
                                            0x051f4222
                                            0x051f4226
                                            0x0523e1f3
                                            0x0523e1f3
                                            0x051f422c
                                            0x051f422c
                                            0x051f4233
                                            0x0523e1ed
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051f4239
                                            0x051f4239
                                            0x051f4239
                                            0x051f4239
                                            0x051f4233
                                            0x051f4226
                                            0x051f41ee
                                            0x051f41ee
                                            0x051f41f4
                                            0x051f4575
                                            0x0523e1b1
                                            0x0523e1b1
                                            0x00000000
                                            0x051f457b
                                            0x051f457b
                                            0x051f4582
                                            0x0523e1ab
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051f4588
                                            0x051f4588
                                            0x051f458c
                                            0x0523e1c4
                                            0x0523e1c4
                                            0x00000000
                                            0x051f4592
                                            0x051f4592
                                            0x051f4599
                                            0x0523e1be
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051f459f
                                            0x051f459f
                                            0x051f45a3
                                            0x0523e1d7
                                            0x0523e1e4
                                            0x00000000
                                            0x051f45a9
                                            0x051f45a9
                                            0x051f45b0
                                            0x0523e1d1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051f45b6
                                            0x051f45b6
                                            0x051f45b6
                                            0x00000000
                                            0x051f45b6
                                            0x051f45b0
                                            0x051f45a3
                                            0x051f4599
                                            0x051f458c
                                            0x051f4582
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051f41f4
                                            0x051f423e
                                            0x051f4241
                                            0x051f45c0
                                            0x051f45c4
                                            0x00000000
                                            0x051f45ca
                                            0x051f45ca
                                            0x00000000
                                            0x0523e207
                                            0x0523e20f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051f45d1
                                            0x00000000
                                            0x00000000
                                            0x051f45ca
                                            0x00000000
                                            0x051f4247
                                            0x051f4247
                                            0x051f4247
                                            0x051f4249
                                            0x051f4249
                                            0x051f4249
                                            0x051f4251
                                            0x051f4251
                                            0x051f4257
                                            0x051f425f
                                            0x051f426e
                                            0x051f4270
                                            0x051f427a
                                            0x0523e219
                                            0x0523e219
                                            0x051f4280
                                            0x051f4282
                                            0x051f4456
                                            0x051f45ea
                                            0x00000000
                                            0x051f45f0
                                            0x0523e223
                                            0x00000000
                                            0x0523e223
                                            0x051f445c
                                            0x051f445c
                                            0x00000000
                                            0x051f445c
                                            0x00000000
                                            0x051f4288
                                            0x051f428c
                                            0x0523e298
                                            0x051f4292
                                            0x051f4292
                                            0x051f429e
                                            0x051f42a3
                                            0x051f42a7
                                            0x051f42ac
                                            0x0523e22d
                                            0x051f42b2
                                            0x051f42b2
                                            0x051f42b9
                                            0x051f42bc
                                            0x051f42c2
                                            0x051f42ca
                                            0x051f42cd
                                            0x051f42cd
                                            0x051f42d4
                                            0x051f433f
                                            0x051f433f
                                            0x051f42d6
                                            0x051f42d6
                                            0x051f42d9
                                            0x051f42dd
                                            0x051f42eb
                                            0x0523e23a
                                            0x051f42f1
                                            0x051f4305
                                            0x051f430d
                                            0x051f4315
                                            0x051f4318
                                            0x051f431f
                                            0x051f4322
                                            0x051f432e
                                            0x051f433b
                                            0x051f433b
                                            0x00000000
                                            0x051f432e
                                            0x051f42eb
                                            0x051f434c
                                            0x051f434e
                                            0x051f4352
                                            0x051f4359
                                            0x051f435e
                                            0x051f4361
                                            0x051f436e
                                            0x051f438a
                                            0x051f438e
                                            0x051f4396
                                            0x051f439e
                                            0x051f43a1
                                            0x051f43ad
                                            0x051f43bb
                                            0x051f43bb
                                            0x051f43ad
                                            0x051f436e
                                            0x051f43bf
                                            0x051f43c5
                                            0x051f4463
                                            0x051f4463
                                            0x051f43ce
                                            0x051f43d5
                                            0x051f43d9
                                            0x051f43df
                                            0x051f4475
                                            0x051f4479
                                            0x051f4491
                                            0x051f4491
                                            0x051f4479
                                            0x051f43e5
                                            0x051f43eb
                                            0x051f43f4
                                            0x051f43f6
                                            0x051f43f9
                                            0x051f43fc
                                            0x051f43ff
                                            0x051f44e8
                                            0x051f44ed
                                            0x051f44f3
                                            0x0523e247
                                            0x00000000
                                            0x051f44f9
                                            0x051f4504
                                            0x051f4508
                                            0x051f450f
                                            0x0523e269
                                            0x00000000
                                            0x051f4515
                                            0x051f4519
                                            0x051f4531
                                            0x051f4534
                                            0x051f4537
                                            0x051f453e
                                            0x051f4541
                                            0x051f454a
                                            0x0523e255
                                            0x0523e255
                                            0x0523e25b
                                            0x0523e25e
                                            0x0523e261
                                            0x0523e261
                                            0x051f4555
                                            0x051f4559
                                            0x051f455d
                                            0x0523e26d
                                            0x0523e270
                                            0x0523e274
                                            0x0523e27a
                                            0x0523e27d
                                            0x0523e28e
                                            0x0523e28e
                                            0x051f4563
                                            0x051f4563
                                            0x051f4569
                                            0x051f4569
                                            0x00000000
                                            0x051f455d
                                            0x051f450f
                                            0x00000000
                                            0x051f44f3
                                            0x051f43ff
                                            0x051f4405
                                            0x051f4405
                                            0x051f4405
                                            0x051f42ac
                                            0x051f428c
                                            0x051f4282
                                            0x051f4407
                                            0x051f440d
                                            0x0523e2af
                                            0x0523e2af
                                            0x051f4413
                                            0x051f4413
                                            0x00000000
                                            0x051f41d4
                                            0x00000000
                                            0x051f41c3
                                            0x051f41bd
                                            0x051f4415
                                            0x051f4415
                                            0x051f4416
                                            0x051f4417
                                            0x051f4429
                                            0x051f416e
                                            0x051f416e
                                            0x051f4175
                                            0x051f4498
                                            0x051f449f
                                            0x0523e12d
                                            0x00000000
                                            0x0523e133
                                            0x00000000
                                            0x0523e133
                                            0x051f44a5
                                            0x051f44a5
                                            0x051f44aa
                                            0x00000000
                                            0x051f44bb
                                            0x051f44ca
                                            0x051f44d6
                                            0x051f44d7
                                            0x051f44d8
                                            0x051f44e3
                                            0x051f44e3
                                            0x051f44aa
                                            0x051f417b
                                            0x051f417b
                                            0x051f417b
                                            0x00000000
                                            0x051f417b
                                            0x051f4175
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9aede683a9db0a4cfaf4f4a3eebc38e81961999047ee41804667a25e177ed504
                                            • Instruction ID: 2e281ecdcb19b0a4f567e65a12df008c723f6e185702c53d429b246c6fcc45fa
                                            • Opcode Fuzzy Hash: 9aede683a9db0a4cfaf4f4a3eebc38e81961999047ee41804667a25e177ed504
                                            • Instruction Fuzzy Hash: AFF170706183118BCB28DF19C485A3BB7E6FF88714F05492EF99ACB250E7B4D985CB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052020A0 Relevance: .4, Instructions: 420COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E052020A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x52c8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E05202EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E05202EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E051D58EC(_t240);
									_t221 =  *0x52c5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x52c5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E05214A2C(0x52c6e40, 0x5214b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E051F7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x51b5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0520F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0520F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E05257016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L051F2400(_t267 + 0x20);
															}
															L051F2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E05202397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E051F2280(_t134, 0x52c8608);
									__eflags =  *0x52c6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E051EFFB0(_t198, _t241, 0x52c8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x52c6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x52c8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E05206B90(_t210,  &_v64);
										_t262 =  *0x52c8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0520E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E052197C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0521006A(0x52c8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x52c8608);
												E0521B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x52c6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x52c6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E051EFFB0(_t198, _t240, 0x52c8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E052100C2(0x52c8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                            0x052020a0
                                            0x052020a8
                                            0x052020ad
                                            0x052020b3
                                            0x052020b8
                                            0x052020c2
                                            0x052020c7
                                            0x052020cb
                                            0x052020d2
                                            0x05202263
                                            0x05202266
                                            0x05245836
                                            0x05245836
                                            0x00000000
                                            0x0520226c
                                            0x0520226c
                                            0x05202270
                                            0x05202274
                                            0x052020e2
                                            0x052020e2
                                            0x052020e6
                                            0x052020ee
                                            0x052457dc
                                            0x052457de
                                            0x052457ec
                                            0x052457ec
                                            0x052457f1
                                            0x052457f3
                                            0x052457f8
                                            0x00000000
                                            0x052457f8
                                            0x052457e0
                                            0x052457e4
                                            0x052457ea
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052457ea
                                            0x052020f4
                                            0x052020f4
                                            0x052020f8
                                            0x052020f8
                                            0x052020fc
                                            0x05202100
                                            0x05202106
                                            0x05202201
                                            0x05202206
                                            0x0520220b
                                            0x0520220e
                                            0x052022a9
                                            0x052022ac
                                            0x00000000
                                            0x00000000
                                            0x052022b2
                                            0x052022b5
                                            0x05245801
                                            0x05245806
                                            0x00000000
                                            0x00000000
                                            0x05245810
                                            0x05245815
                                            0x05245818
                                            0x00000000
                                            0x00000000
                                            0x0524581e
                                            0x052022bb
                                            0x052022bb
                                            0x05202218
                                            0x05202218
                                            0x0520221c
                                            0x05202220
                                            0x05202222
                                            0x052022c2
                                            0x052022c4
                                            0x052022dc
                                            0x052022dc
                                            0x052022e1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052022e7
                                            0x052022c8
                                            0x052022cd
                                            0x052022d3
                                            0x052022d6
                                            0x05245823
                                            0x05245825
                                            0x05245827
                                            0x00000000
                                            0x00000000
                                            0x0524582d
                                            0x00000000
                                            0x0524582d
                                            0x00000000
                                            0x05202228
                                            0x05202228
                                            0x00000000
                                            0x05202228
                                            0x05202222
                                            0x05202214
                                            0x05202214
                                            0x00000000
                                            0x05202114
                                            0x05202114
                                            0x05202114
                                            0x0520211a
                                            0x0520211c
                                            0x05202348
                                            0x0520234d
                                            0x05245840
                                            0x05245845
                                            0x05245848
                                            0x0524584e
                                            0x0524584e
                                            0x05245848
                                            0x05202353
                                            0x05202355
                                            0x05202388
                                            0x05202388
                                            0x05202368
                                            0x0520236a
                                            0x0520236c
                                            0x0520238f
                                            0x00000000
                                            0x0520236e
                                            0x0520236e
                                            0x0520218e
                                            0x0520218e
                                            0x05202191
                                            0x05202195
                                            0x05245a03
                                            0x05245a06
                                            0x05245a0c
                                            0x05245a0f
                                            0x05245a11
                                            0x05245a13
                                            0x05245a13
                                            0x05245a19
                                            0x05245a1f
                                            0x00000000
                                            0x0520219b
                                            0x0520219b
                                            0x052021a0
                                            0x05202282
                                            0x05202284
                                            0x05202284
                                            0x05202284
                                            0x05202284
                                            0x052021a6
                                            0x052021a9
                                            0x052021ac
                                            0x052021ae
                                            0x052021b3
                                            0x0520228b
                                            0x05202290
                                            0x05202379
                                            0x05202296
                                            0x05202298
                                            0x05202298
                                            0x05202290
                                            0x052021b9
                                            0x052021be
                                            0x052022a2
                                            0x052022a2
                                            0x052021c4
                                            0x052021c8
                                            0x052021cc
                                            0x052021d0
                                            0x052021d4
                                            0x052021de
                                            0x052021e3
                                            0x05245a29
                                            0x05245a2c
                                            0x00000000
                                            0x00000000
                                            0x05245a3b
                                            0x00000000
                                            0x052021e9
                                            0x052021e9
                                            0x052021e9
                                            0x052021ee
                                            0x052021f1
                                            0x05245a45
                                            0x05245a4b
                                            0x05245a52
                                            0x05245a58
                                            0x05245a5d
                                            0x05245a5f
                                            0x05245a71
                                            0x05245a61
                                            0x05245a6a
                                            0x05245a6a
                                            0x05245a76
                                            0x05245a79
                                            0x05245a7f
                                            0x05245a83
                                            0x05245a85
                                            0x05245a87
                                            0x05245a87
                                            0x05245a8c
                                            0x05245a91
                                            0x05245a97
                                            0x05245a9f
                                            0x05245aa0
                                            0x05245aa1
                                            0x05245aa6
                                            0x05245aab
                                            0x05245ab1
                                            0x05245ab3
                                            0x05245ab9
                                            0x05245aca
                                            0x05245ad4
                                            0x05245ad4
                                            0x05245ade
                                            0x05245ade
                                            0x05245aab
                                            0x05245a79
                                            0x05245a52
                                            0x052021f7
                                            0x052021f9
                                            0x052021fe
                                            0x052021fe
                                            0x052021e3
                                            0x05202195
                                            0x0520236c
                                            0x05202122
                                            0x05202122
                                            0x05202124
                                            0x05202231
                                            0x05202236
                                            0x05202236
                                            0x05202238
                                            0x05202238
                                            0x05202240
                                            0x05202242
                                            0x05202244
                                            0x052459fc
                                            0x0520218c
                                            0x0520218c
                                            0x00000000
                                            0x0520218c
                                            0x0520224a
                                            0x0520224f
                                            0x05202256
                                            0x05202304
                                            0x05202309
                                            0x0520230f
                                            0x0520231e
                                            0x0520231e
                                            0x0520231e
                                            0x05202320
                                            0x05202325
                                            0x0520232a
                                            0x0520232c
                                            0x0520233e
                                            0x0520233e
                                            0x00000000
                                            0x0520232c
                                            0x05202311
                                            0x05202317
                                            0x0520231a
                                            0x0520231c
                                            0x05202380
                                            0x05202380
                                            0x05202380
                                            0x05202384
                                            0x00000000
                                            0x00000000
                                            0x05202386
                                            0x00000000
                                            0x0520231c
                                            0x0520225c
                                            0x0520225c
                                            0x00000000
                                            0x0520225c
                                            0x0520212a
                                            0x05202134
                                            0x05202138
                                            0x0520213d
                                            0x05245858
                                            0x05245863
                                            0x05245863
                                            0x05245867
                                            0x0524586a
                                            0x00000000
                                            0x00000000
                                            0x0524586c
                                            0x0524586c
                                            0x05245871
                                            0x05245875
                                            0x05245877
                                            0x05245997
                                            0x0524599c
                                            0x052459a1
                                            0x052459a7
                                            0x052459a7
                                            0x00000000
                                            0x052459a7
                                            0x0524587d
                                            0x00000000
                                            0x0524588b
                                            0x0524588b
                                            0x05245890
                                            0x05245892
                                            0x05245894
                                            0x05245899
                                            0x0524589b
                                            0x052458a0
                                            0x052458a0
                                            0x052458aa
                                            0x052458b2
                                            0x052458b6
                                            0x052458be
                                            0x052458c6
                                            0x052458c9
                                            0x0524590d
                                            0x05245917
                                            0x0524591a
                                            0x0524591c
                                            0x05245920
                                            0x05245928
                                            0x0524592a
                                            0x0524592c
                                            0x0524592e
                                            0x0524592e
                                            0x052458cb
                                            0x052458cd
                                            0x052458d8
                                            0x052458e0
                                            0x052458f4
                                            0x052458fe
                                            0x052458fe
                                            0x0524593a
                                            0x0524593e
                                            0x05245940
                                            0x05245942
                                            0x00000000
                                            0x05245944
                                            0x05245944
                                            0x05245949
                                            0x0524594e
                                            0x0524594e
                                            0x05245953
                                            0x0524595b
                                            0x05245976
                                            0x05245976
                                            0x0524597a
                                            0x0524597f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05245981
                                            0x05245981
                                            0x05245981
                                            0x05245983
                                            0x05245988
                                            0x0524598d
                                            0x05245991
                                            0x05245991
                                            0x00000000
                                            0x0524595d
                                            0x0524595d
                                            0x05245963
                                            0x05245965
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05245967
                                            0x05245967
                                            0x0524596b
                                            0x0524596d
                                            0x00000000
                                            0x00000000
                                            0x0524596f
                                            0x05245971
                                            0x05245971
                                            0x05245974
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05245974
                                            0x00000000
                                            0x05245967
                                            0x0524595b
                                            0x05245942
                                            0x05245863
                                            0x05202143
                                            0x05202143
                                            0x05202149
                                            0x0520214f
                                            0x052022f1
                                            0x052022f6
                                            0x00000000
                                            0x05202173
                                            0x05202173
                                            0x0520217d
                                            0x05202181
                                            0x05202186
                                            0x052459ae
                                            0x052459b2
                                            0x052459b5
                                            0x052459b7
                                            0x052459ba
                                            0x052459cd
                                            0x052459d1
                                            0x052459d5
                                            0x052459d9
                                            0x052459db
                                            0x00000000
                                            0x00000000
                                            0x052459dd
                                            0x052459dd
                                            0x052459e1
                                            0x052459e4
                                            0x052459e7
                                            0x052459ee
                                            0x052459ee
                                            0x052459f3
                                            0x052459f3
                                            0x00000000
                                            0x05202186
                                            0x0520214f
                                            0x05202106
                                            0x05202266
                                            0x052020d8
                                            0x052020da
                                            0x052020e0
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 459a4209bf81db31e9dd01aaefd0108746ccce8e02bdbaaafb368295839b9a7e
                                            • Instruction ID: 1242f0d75602ee8f9494ee54f2365d1115a5eb861b7c22ad3b9a5d8b5bc9ab1a
                                            • Opcode Fuzzy Hash: 459a4209bf81db31e9dd01aaefd0108746ccce8e02bdbaaafb368295839b9a7e
                                            • Instruction Fuzzy Hash: 44F1E535729342DFD729CB28C448B2BBBE6BF85314F04951EE8999B2C2D774D841CB82
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051ED5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E051ED5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x52cd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E051E6600(0x52c52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x52c7b9c; // 0x0
							_t281 = L051F4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0521F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x52c7b90; // 0x774a0000
								if(_t384 == 0) {
									_t353 =  *0x52c7b8c; // 0x902b18
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E051F2280(_t200, 0x52c84d8);
									_t277 =  *0x52c85f4; // 0x903008
									_t351 =  *0x52c85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t353 = _t277 - 0x68;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E051EFFB0(_t287, _t353, 0x52c84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0522CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E051E6600(0x52c52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E051E7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x52cb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0525E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x52c8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x52cb218; // 0x0
														asm("ror edi, cl");
														 *0x52cb1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E051F2280(_t250, 0x52c84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L05213898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E051EFFB0(_t293, _t353, 0x52c84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E052137F5(_t353, 0);
																}
																E05210413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E05209B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E052002D6(_t174);
																}
																L051F77F0( *0x52c7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0520C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L051EEC7F(_t353);
										L052019B8(_t287, 0, _t353, 0);
										_t200 = E051DF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0521B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x52cb2f8; // 0x1010000
									if((_t206 |  *0x52cb2fc) == 0 || ( *0x52cb2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x52cb2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E05286B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E05286AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E051EE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L051EEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E05219730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E051EE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L051E8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E05213C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                            0x051ed5f2
                                            0x051ed5f5
                                            0x051ed5f5
                                            0x051ed5fd
                                            0x051ed600
                                            0x051ed60a
                                            0x051ed60d
                                            0x051ed617
                                            0x051ed61d
                                            0x051ed627
                                            0x051ed62e
                                            0x051ed911
                                            0x051ed913
                                            0x00000000
                                            0x051ed919
                                            0x051ed919
                                            0x051ed919
                                            0x051ed634
                                            0x051ed634
                                            0x051ed634
                                            0x051ed634
                                            0x051ed640
                                            0x051ed8bf
                                            0x00000000
                                            0x051ed646
                                            0x051ed646
                                            0x051ed64d
                                            0x051ed652
                                            0x0523b2fc
                                            0x0523b2fc
                                            0x0523b302
                                            0x0523b33b
                                            0x0523b341
                                            0x00000000
                                            0x0523b304
                                            0x0523b304
                                            0x0523b319
                                            0x0523b31e
                                            0x0523b324
                                            0x0523b326
                                            0x0523b332
                                            0x0523b347
                                            0x0523b34c
                                            0x0523b351
                                            0x0523b35a
                                            0x00000000
                                            0x0523b328
                                            0x0523b328
                                            0x00000000
                                            0x0523b328
                                            0x0523b326
                                            0x051ed658
                                            0x051ed658
                                            0x051ed65b
                                            0x051ed665
                                            0x00000000
                                            0x051ed66b
                                            0x051ed66b
                                            0x051ed66b
                                            0x051ed66b
                                            0x051ed66d
                                            0x051ed672
                                            0x051ed67a
                                            0x00000000
                                            0x00000000
                                            0x051ed680
                                            0x051ed686
                                            0x051ed8ce
                                            0x051ed8d4
                                            0x051ed8dd
                                            0x051ed8e0
                                            0x051ed68c
                                            0x051ed691
                                            0x051ed69d
                                            0x051ed6a2
                                            0x051ed6a7
                                            0x051ed6b0
                                            0x051ed6b5
                                            0x051ed6e0
                                            0x051ed6b7
                                            0x051ed6b7
                                            0x051ed6b9
                                            0x051ed6b9
                                            0x051ed6bb
                                            0x051ed6bd
                                            0x051ed6ce
                                            0x051ed6d0
                                            0x051ed6d2
                                            0x0523b363
                                            0x0523b365
                                            0x00000000
                                            0x0523b36b
                                            0x00000000
                                            0x0523b36b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051ed6bf
                                            0x051ed6bf
                                            0x051ed6e5
                                            0x051ed6e7
                                            0x051ed6e9
                                            0x051ed6ec
                                            0x051ed6ef
                                            0x051ed6f5
                                            0x051ed6f9
                                            0x051ed6fb
                                            0x051ed6fd
                                            0x051ed701
                                            0x051ed703
                                            0x051ed70a
                                            0x051ed70a
                                            0x051ed701
                                            0x051ed710
                                            0x051ed710
                                            0x051ed6c1
                                            0x051ed6c1
                                            0x051ed6c6
                                            0x0523b36d
                                            0x0523b36f
                                            0x00000000
                                            0x0523b375
                                            0x0523b375
                                            0x0523b375
                                            0x00000000
                                            0x0523b375
                                            0x00000000
                                            0x051ed6cc
                                            0x051ed6d8
                                            0x051ed6d8
                                            0x051ed6d8
                                            0x00000000
                                            0x051ed6c6
                                            0x051ed6bf
                                            0x00000000
                                            0x051ed6da
                                            0x051ed6da
                                            0x051ed716
                                            0x051ed71b
                                            0x051ed720
                                            0x051ed726
                                            0x051ed726
                                            0x051ed72d
                                            0x00000000
                                            0x051ed733
                                            0x051ed739
                                            0x051ed742
                                            0x051ed750
                                            0x051ed758
                                            0x051ed764
                                            0x051ed776
                                            0x051ed77a
                                            0x051ed783
                                            0x051ed928
                                            0x051ed92c
                                            0x051ed93d
                                            0x051ed944
                                            0x051ed94f
                                            0x051ed954
                                            0x051ed956
                                            0x051ed95f
                                            0x051ed961
                                            0x051ed973
                                            0x051ed973
                                            0x051ed956
                                            0x051ed944
                                            0x051ed92c
                                            0x051ed78b
                                            0x0523b394
                                            0x051ed791
                                            0x051ed798
                                            0x0523b3a3
                                            0x0523b3bb
                                            0x0523b3bb
                                            0x051ed7a5
                                            0x051ed866
                                            0x051ed870
                                            0x051ed884
                                            0x051ed892
                                            0x051ed898
                                            0x051ed89e
                                            0x051ed8a0
                                            0x051ed8a6
                                            0x051ed8ac
                                            0x051ed8ae
                                            0x051ed8b4
                                            0x051ed8b4
                                            0x051ed8ae
                                            0x051ed7a5
                                            0x051ed78b
                                            0x051ed7b1
                                            0x0523b3c5
                                            0x0523b3c5
                                            0x051ed7c3
                                            0x051ed7ca
                                            0x051ed7e5
                                            0x051ed7eb
                                            0x051ed8eb
                                            0x051ed8ed
                                            0x00000000
                                            0x051ed8f3
                                            0x051ed8f3
                                            0x051ed8f3
                                            0x00000000
                                            0x051ed8ed
                                            0x051ed7cc
                                            0x051ed7cc
                                            0x051ed7d2
                                            0x00000000
                                            0x051ed7d4
                                            0x051ed7d4
                                            0x051ed7d7
                                            0x051ed7df
                                            0x0523b3d4
                                            0x0523b3d9
                                            0x0523b3dc
                                            0x0523b3dc
                                            0x0523b3df
                                            0x0523b3e2
                                            0x0523b468
                                            0x0523b46d
                                            0x0523b46f
                                            0x0523b46f
                                            0x0523b475
                                            0x051ed8f8
                                            0x051ed8f9
                                            0x051ed8fd
                                            0x0523b3e8
                                            0x0523b3e8
                                            0x0523b3eb
                                            0x0523b3ed
                                            0x00000000
                                            0x0523b3ef
                                            0x0523b3ef
                                            0x0523b3f1
                                            0x0523b3f4
                                            0x0523b3fe
                                            0x0523b404
                                            0x0523b409
                                            0x0523b40e
                                            0x0523b410
                                            0x0523b410
                                            0x0523b414
                                            0x0523b414
                                            0x0523b41b
                                            0x0523b420
                                            0x0523b423
                                            0x0523b425
                                            0x0523b427
                                            0x0523b42a
                                            0x0523b42d
                                            0x0523b42d
                                            0x0523b42a
                                            0x0523b432
                                            0x0523b436
                                            0x0523b438
                                            0x0523b43b
                                            0x0523b43b
                                            0x0523b449
                                            0x0523b44e
                                            0x0523b454
                                            0x0523b458
                                            0x0523b458
                                            0x0523b45d
                                            0x00000000
                                            0x0523b45d
                                            0x0523b3ed
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051ed7df
                                            0x051ed7d2
                                            0x051ed7ca
                                            0x0523b37c
                                            0x0523b37e
                                            0x0523b385
                                            0x0523b38a
                                            0x00000000
                                            0x0523b38a
                                            0x051ed742
                                            0x051ed7f1
                                            0x051ed7f8
                                            0x0523b49b
                                            0x0523b49b
                                            0x051ed800
                                            0x051ed837
                                            0x051ed843
                                            0x051ed845
                                            0x051ed847
                                            0x051ed84a
                                            0x051ed84b
                                            0x051ed84e
                                            0x051ed857
                                            0x051ed802
                                            0x051ed802
                                            0x051ed80d
                                            0x00000000
                                            0x051ed818
                                            0x051ed818
                                            0x051ed824
                                            0x051ed831
                                            0x0523b4a5
                                            0x0523b4ab
                                            0x0523b4b3
                                            0x0523b4b8
                                            0x0523b4bb
                                            0x00000000
                                            0x0523b4c1
                                            0x0523b4c1
                                            0x0523b4c8
                                            0x00000000
                                            0x0523b4ce
                                            0x0523b4d4
                                            0x0523b4e1
                                            0x0523b4e3
                                            0x0523b4e5
                                            0x00000000
                                            0x0523b4eb
                                            0x0523b4f0
                                            0x0523b4f2
                                            0x051edac9
                                            0x051edacc
                                            0x051edacf
                                            0x051edad1
                                            0x051edd78
                                            0x051edd78
                                            0x051edcf2
                                            0x00000000
                                            0x051edad7
                                            0x051edad9
                                            0x051edadb
                                            0x00000000
                                            0x00000000
                                            0x051edae1
                                            0x051edae1
                                            0x051edae4
                                            0x051edae6
                                            0x0523b4f9
                                            0x0523b4f9
                                            0x0523b500
                                            0x051edaec
                                            0x051edaec
                                            0x051edaf5
                                            0x051edaf8
                                            0x051edafb
                                            0x051edb03
                                            0x051edb11
                                            0x051edb16
                                            0x051edb19
                                            0x051edb1b
                                            0x0523b52c
                                            0x0523b531
                                            0x0523b534
                                            0x051edb21
                                            0x051edb21
                                            0x051edb24
                                            0x051edcd9
                                            0x051edce2
                                            0x051edce5
                                            0x051edd6a
                                            0x051edd6d
                                            0x00000000
                                            0x051edd73
                                            0x0523b51a
                                            0x0523b51c
                                            0x0523b51f
                                            0x0523b524
                                            0x00000000
                                            0x0523b524
                                            0x051edce7
                                            0x051edce7
                                            0x051edce7
                                            0x00000000
                                            0x051edce7
                                            0x00000000
                                            0x051edb2a
                                            0x051edb2c
                                            0x051edb31
                                            0x051edb33
                                            0x051edb36
                                            0x051edb39
                                            0x051edb3b
                                            0x051edb66
                                            0x051edb66
                                            0x051edb3d
                                            0x051edb3d
                                            0x051edb3e
                                            0x051edb46
                                            0x051edb47
                                            0x051edb49
                                            0x051edb4c
                                            0x051edb53
                                            0x051edb55
                                            0x051edb58
                                            0x051edb5a
                                            0x0523b50a
                                            0x0523b50f
                                            0x0523b512
                                            0x051edb60
                                            0x051edb60
                                            0x051edb63
                                            0x051edb63
                                            0x00000000
                                            0x051edb63
                                            0x051edb5a
                                            0x051edb3b
                                            0x051edb24
                                            0x051edb69
                                            0x051edb69
                                            0x051edb6c
                                            0x051edb6f
                                            0x051edb74
                                            0x0523b557
                                            0x0523b557
                                            0x0523b55e
                                            0x051edb7a
                                            0x051edb7c
                                            0x051edb7f
                                            0x051edb82
                                            0x051edb85
                                            0x00000000
                                            0x051edb8b
                                            0x051edb8b
                                            0x051edb8d
                                            0x051edb9b
                                            0x051edb9b
                                            0x051edb9d
                                            0x051edba0
                                            0x051edba2
                                            0x051edba4
                                            0x051edba7
                                            0x051edba9
                                            0x051edbae
                                            0x051edbae
                                            0x051edbb1
                                            0x051edbb4
                                            0x051edbb4
                                            0x051edbb7
                                            0x051edbba
                                            0x051edcd2
                                            0x051edcd4
                                            0x00000000
                                            0x051edbc0
                                            0x051edbc0
                                            0x051edbd2
                                            0x051edbd7
                                            0x051edbda
                                            0x051edbdd
                                            0x051edbdf
                                            0x00000000
                                            0x051edbe5
                                            0x051edbe5
                                            0x051edbee
                                            0x051edbf1
                                            0x0523b541
                                            0x0523b544
                                            0x00000000
                                            0x0523b546
                                            0x0523b546
                                            0x00000000
                                            0x0523b546
                                            0x051edbf7
                                            0x051edbf7
                                            0x051edbfd
                                            0x051edbfd
                                            0x051edbff
                                            0x051edc0b
                                            0x051edc15
                                            0x051edc1b
                                            0x051edc1d
                                            0x051edc21
                                            0x051edc21
                                            0x051edc23
                                            0x051edc23
                                            0x051edc26
                                            0x051edc29
                                            0x051edc2b
                                            0x00000000
                                            0x00000000
                                            0x051edc31
                                            0x051edc34
                                            0x051edc36
                                            0x051edcbf
                                            0x051edcbf
                                            0x051edcc2
                                            0x00000000
                                            0x051edc3c
                                            0x051edc41
                                            0x051edc43
                                            0x00000000
                                            0x051edc45
                                            0x051edc45
                                            0x051edc47
                                            0x00000000
                                            0x051edc4d
                                            0x051edc4d
                                            0x051edc50
                                            0x051edc52
                                            0x051edc55
                                            0x051edcfa
                                            0x051edcfe
                                            0x051edd08
                                            0x051edd0a
                                            0x051edd0c
                                            0x00000000
                                            0x051edd12
                                            0x051edd15
                                            0x051edd2d
                                            0x051edd2f
                                            0x051edd32
                                            0x051edd35
                                            0x00000000
                                            0x051edd35
                                            0x051edc5b
                                            0x051edc5b
                                            0x051edc5e
                                            0x051edc61
                                            0x051edc64
                                            0x051edc67
                                            0x051edc67
                                            0x051edc6a
                                            0x051edc6c
                                            0x051edc8e
                                            0x051edc8e
                                            0x051edc91
                                            0x051edc93
                                            0x051edcce
                                            0x051edcce
                                            0x051edc95
                                            0x051edc9c
                                            0x051edc6e
                                            0x051edc72
                                            0x051edc75
                                            0x051edc77
                                            0x051edc79
                                            0x0523b551
                                            0x0523b551
                                            0x00000000
                                            0x051edc7f
                                            0x051edc7f
                                            0x051edc81
                                            0x00000000
                                            0x051edc83
                                            0x051edc86
                                            0x051edc88
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051edc88
                                            0x051edc81
                                            0x051edc79
                                            0x051edc6c
                                            0x051edc55
                                            0x051edc47
                                            0x051edc43
                                            0x00000000
                                            0x051edc36
                                            0x051edc23
                                            0x00000000
                                            0x051edbff
                                            0x051edbf1
                                            0x051edbdf
                                            0x051edb8f
                                            0x051edb92
                                            0x051edb95
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051edb95
                                            0x051edb8d
                                            0x051edb85
                                            0x051edb74
                                            0x051edc9f
                                            0x051edca2
                                            0x051edcb0
                                            0x051edcb0
                                            0x051edad1
                                            0x0523b4e5
                                            0x0523b4c8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051ed831
                                            0x051ed80d
                                            0x00000000
                                            0x051ed800
                                            0x0523b47f
                                            0x0523b485
                                            0x00000000
                                            0x0523b485
                                            0x051ed665
                                            0x051ed652
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ba548b82fc300d521a9b30b82ec23569a6c10265530e3ced04f04565b1cf74ff
                                            • Instruction ID: 646a94aa5c8361609cae4666a944286727e7c2457fc93adb6c87d4cc7159b56c
                                            • Opcode Fuzzy Hash: ba548b82fc300d521a9b30b82ec23569a6c10265530e3ced04f04565b1cf74ff
                                            • Instruction Fuzzy Hash: 6BE1E170B14B598FDB34DF24D899BB9BBB2BF45304F05019DE90A97291DB30AD81CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051E849B Relevance: .3, Instructions: 290COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E051E849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x52af9c0);
				E0522D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x52c7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E051ECEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E051F2280( *[fs:0x30], 0x52c8550);
						_t139 =  *0x52c7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0520F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E051EFFB0(_t193, _t235, 0x52c8550);
								L5:
								return E0522D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E051D1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x52c7b9c; // 0x0
							_t235 = L051F4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x52c7b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0520A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E051EFFB0(_t193, _t235, 0x52c8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L051F77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L051F77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x52c7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x52c7b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E052137C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x52c7b9c; // 0x0
									_t214 = L051F4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E052137F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x52c7b10 =  *0x52c7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x52c7b04 =  *0x52c7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L051F77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L051F77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x52c7b08 =  *0x52c7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E052157C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0521F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L051F77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0520A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L051F77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E052196C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                            0x051e849b
                                            0x051e849b
                                            0x051e849b
                                            0x051e849b
                                            0x051e849d
                                            0x051e84a2
                                            0x051e84a7
                                            0x051e84b1
                                            0x051e84d8
                                            0x00000000
                                            0x051e84b3
                                            0x051e84c4
                                            0x051e84c9
                                            0x051e84cd
                                            0x051e84cf
                                            0x051e84cf
                                            0x051e84d6
                                            0x051e84e6
                                            0x051e84e9
                                            0x051e84ec
                                            0x051e84ef
                                            0x051e84f2
                                            0x051e84f4
                                            0x051e84fc
                                            0x051e8501
                                            0x051e8506
                                            0x051e8509
                                            0x051e86e0
                                            0x051e86e5
                                            0x051e86e8
                                            0x051e86ed
                                            0x051e86f0
                                            0x051e86f2
                                            0x05239afd
                                            0x05239b02
                                            0x051e84da
                                            0x051e84df
                                            0x051e84df
                                            0x051e86fa
                                            0x051e86fd
                                            0x051e86fe
                                            0x051e8701
                                            0x051e8706
                                            0x051e8709
                                            0x051e870b
                                            0x00000000
                                            0x00000000
                                            0x051e8711
                                            0x051e8725
                                            0x051e8727
                                            0x051e872a
                                            0x051e872c
                                            0x05239af0
                                            0x05239af5
                                            0x051e8732
                                            0x051e8732
                                            0x051e8732
                                            0x051e8735
                                            0x051e8737
                                            0x051e8515
                                            0x051e8515
                                            0x051e8518
                                            0x051e851d
                                            0x051e8523
                                            0x051e8527
                                            0x051e852b
                                            0x051e8537
                                            0x051e8539
                                            0x051e853c
                                            0x051e853e
                                            0x051e868c
                                            0x051e8691
                                            0x051e8699
                                            0x051e869b
                                            0x051e8744
                                            0x051e8748
                                            0x051e86a1
                                            0x051e86a1
                                            0x051e86a1
                                            0x051e86a4
                                            0x051e86a8
                                            0x05239bdf
                                            0x05239bdf
                                            0x051e86ae
                                            0x051e86b0
                                            0x00000000
                                            0x051e86b6
                                            0x00000000
                                            0x05239be9
                                            0x051e86b0
                                            0x051e8544
                                            0x051e854a
                                            0x051e854d
                                            0x051e8551
                                            0x051e876e
                                            0x051e8778
                                            0x051e877b
                                            0x051e8780
                                            0x051e8557
                                            0x051e8557
                                            0x051e855d
                                            0x051e855d
                                            0x051e856b
                                            0x051e856e
                                            0x051e8570
                                            0x051e8573
                                            0x051e8576
                                            0x051e8576
                                            0x051e8579
                                            0x051e857b
                                            0x00000000
                                            0x00000000
                                            0x051e8581
                                            0x051e85a0
                                            0x051e85a2
                                            0x051e85a5
                                            0x051e85a7
                                            0x05239b1b
                                            0x05239b1b
                                            0x051e862e
                                            0x051e862e
                                            0x051e8631
                                            0x051e8631
                                            0x051e8634
                                            0x051e8636
                                            0x051e8669
                                            0x051e8669
                                            0x051e866b
                                            0x05239bbf
                                            0x05239bc4
                                            0x05239bc8
                                            0x05239bce
                                            0x05239bce
                                            0x051e8671
                                            0x051e8671
                                            0x051e8674
                                            0x051e8676
                                            0x05239bae
                                            0x05239bae
                                            0x051e8676
                                            0x051e867c
                                            0x051e867e
                                            0x051e8688
                                            0x051e8688
                                            0x00000000
                                            0x051e867e
                                            0x051e8638
                                            0x051e8638
                                            0x051e863b
                                            0x051e863e
                                            0x051e863f
                                            0x051e8642
                                            0x051e8645
                                            0x051e8648
                                            0x051e864d
                                            0x05239b69
                                            0x05239b6e
                                            0x05239b7b
                                            0x05239b81
                                            0x05239b85
                                            0x05239b89
                                            0x05239ba7
                                            0x05239b8b
                                            0x05239b91
                                            0x05239b9a
                                            0x05239b9f
                                            0x05239b9f
                                            0x051e8788
                                            0x051e878d
                                            0x051e8763
                                            0x051e8763
                                            0x051e8766
                                            0x00000000
                                            0x051e8766
                                            0x05239b70
                                            0x00000000
                                            0x05239b70
                                            0x051e8656
                                            0x051e865a
                                            0x051e865c
                                            0x051e8752
                                            0x051e8756
                                            0x00000000
                                            0x00000000
                                            0x051e875e
                                            0x00000000
                                            0x051e875e
                                            0x051e8662
                                            0x051e8662
                                            0x051e8662
                                            0x051e8666
                                            0x00000000
                                            0x051e8666
                                            0x051e85b7
                                            0x051e85b9
                                            0x051e85bc
                                            0x051e85bf
                                            0x051e85cc
                                            0x051e85d1
                                            0x051e85d4
                                            0x051e85db
                                            0x051e85de
                                            0x051e85e0
                                            0x05239b5f
                                            0x00000000
                                            0x05239b5f
                                            0x051e85e6
                                            0x051e85ea
                                            0x051e86c3
                                            0x051e86c5
                                            0x051e86c8
                                            0x051e86ca
                                            0x05239b16
                                            0x00000000
                                            0x05239b16
                                            0x051e86d6
                                            0x051e85f6
                                            0x051e85f6
                                            0x051e85f9
                                            0x051e8602
                                            0x051e8606
                                            0x051e860a
                                            0x051e860b
                                            0x051e860e
                                            0x051e8611
                                            0x00000000
                                            0x051e8611
                                            0x051e85f3
                                            0x00000000
                                            0x051e85f3
                                            0x051e8619
                                            0x051e861e
                                            0x051e861e
                                            0x051e8621
                                            0x051e8622
                                            0x051e8623
                                            0x051e8625
                                            0x051e862c
                                            0x00000000
                                            0x051e873d
                                            0x00000000
                                            0x051e873d
                                            0x051e8737
                                            0x051e850f
                                            0x051e8512
                                            0x00000000
                                            0x051e8512
                                            0x00000000
                                            0x051e84d6

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 65a3a4138cec3b36926a6c1dd18859831c49f314e49908c9328f84b07f8dd38d
                                            • Instruction ID: 008ea9f73805558e8440204af061e8566d1e67ecc80075698b70ef23c2b96f3b
                                            • Opcode Fuzzy Hash: 65a3a4138cec3b36926a6c1dd18859831c49f314e49908c9328f84b07f8dd38d
                                            • Instruction Fuzzy Hash: 80B15FB0F14609EFDB29DF99C984AADBBB6FF49304F144129E405AB246DB70AD41CF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520513A Relevance: .3, Instructions: 258COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E0520513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x52cd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0521D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E051F2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L051F4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0521F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E051EFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x52cb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0521B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                            0x05205142
                                            0x0520514c
                                            0x05205150
                                            0x05205157
                                            0x05205159
                                            0x0520515e
                                            0x05205165
                                            0x05205169
                                            0x0520516c
                                            0x05205172
                                            0x05205176
                                            0x0520517a
                                            0x0520517a
                                            0x0520517a
                                            0x0520517f
                                            0x05246d8b
                                            0x05246d8e
                                            0x05246d91
                                            0x05246d95
                                            0x05246d98
                                            0x05246d9c
                                            0x05246da0
                                            0x05246da3
                                            0x05246da7
                                            0x05246e26
                                            0x05246e26
                                            0x05246e2a
                                            0x052051f9
                                            0x052051f9
                                            0x052051fe
                                            0x05246e33
                                            0x05246e33
                                            0x05246e39
                                            0x05246e3d
                                            0x05246e46
                                            0x05246e50
                                            0x00000000
                                            0x00000000
                                            0x05246e52
                                            0x05246e53
                                            0x05246e56
                                            0x05246e5d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05246e5f
                                            0x05246e67
                                            0x05246e77
                                            0x05246e7f
                                            0x05246e80
                                            0x05246e88
                                            0x05246e90
                                            0x05246e9f
                                            0x05246ea5
                                            0x05246ea9
                                            0x05246eb1
                                            0x05246ebf
                                            0x00000000
                                            0x00000000
                                            0x05246ecf
                                            0x05246ed3
                                            0x00000000
                                            0x00000000
                                            0x05246edb
                                            0x05246ede
                                            0x05246ee1
                                            0x05246ee8
                                            0x05246eeb
                                            0x05246eed
                                            0x05246ef0
                                            0x05246ef4
                                            0x05246ef8
                                            0x05246efc
                                            0x00000000
                                            0x00000000
                                            0x05246f0d
                                            0x05246f11
                                            0x05246f32
                                            0x05246f37
                                            0x05246f3b
                                            0x05246f3e
                                            0x05246f41
                                            0x05246f46
                                            0x00000000
                                            0x00000000
                                            0x05246f4c
                                            0x05246f50
                                            0x05246f50
                                            0x05246f54
                                            0x05246f62
                                            0x05246f65
                                            0x05246f6d
                                            0x05246f7b
                                            0x05246f7b
                                            0x05246f93
                                            0x05246f98
                                            0x05246fa0
                                            0x05246fa6
                                            0x05246fb3
                                            0x05246fb6
                                            0x05246fbf
                                            0x05246fc1
                                            0x05246fd5
                                            0x05246fda
                                            0x05246fda
                                            0x05246fdd
                                            0x05246fe2
                                            0x05246fe7
                                            0x05246feb
                                            0x05246fef
                                            0x05246ff3
                                            0x0520520c
                                            0x0520520c
                                            0x0520520f
                                            0x05205215
                                            0x05205234
                                            0x0520523a
                                            0x0520523a
                                            0x05205244
                                            0x05205245
                                            0x05205246
                                            0x05205251
                                            0x05205251
                                            0x05246f13
                                            0x05246f17
                                            0x05246f17
                                            0x05246f18
                                            0x05246f1b
                                            0x05246f1f
                                            0x05246f23
                                            0x00000000
                                            0x05246f28
                                            0x05205204
                                            0x05205204
                                            0x05205208
                                            0x00000000
                                            0x05205208
                                            0x05205185
                                            0x05205188
                                            0x0520518a
                                            0x0520518e
                                            0x05205195
                                            0x05246db1
                                            0x05246db5
                                            0x05246db9
                                            0x0520519b
                                            0x0520519b
                                            0x0520519e
                                            0x052051a7
                                            0x052051a9
                                            0x052051a9
                                            0x052051b5
                                            0x052051b8
                                            0x052051bb
                                            0x052051be
                                            0x052051c1
                                            0x052051c5
                                            0x052051c9
                                            0x052051cd
                                            0x052051cd
                                            0x052051d8
                                            0x052051dc
                                            0x052051e0
                                            0x05246dcc
                                            0x05246dd0
                                            0x05246dd5
                                            0x05246ddd
                                            0x05246de1
                                            0x05246de1
                                            0x05246de5
                                            0x05246deb
                                            0x05246df1
                                            0x05246df7
                                            0x05246dfd
                                            0x05246e01
                                            0x05246e05
                                            0x05246e09
                                            0x05246e0d
                                            0x05246e11
                                            0x05246e11
                                            0x052051eb
                                            0x05246e1a
                                            0x05246e1f
                                            0x05246e21
                                            0x05246e23
                                            0x00000000
                                            0x052051f1
                                            0x052051f1
                                            0x00000000
                                            0x052051f1

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e7fe9bf03142fde379f6c3006b12dad6c6b1da30b0d030f4f01109706297cfe0
                                            • Instruction ID: 5e380b306440244e42ffc1386040e203076e645fe4776b3371bed0176135bfb9
                                            • Opcode Fuzzy Hash: e7fe9bf03142fde379f6c3006b12dad6c6b1da30b0d030f4f01109706297cfe0
                                            • Instruction Fuzzy Hash: 7DC123756193818FD358CF28C480A5AFBE1BF89304F14896EF89A8B392D771E845CF42
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052003E2 Relevance: .3, Instructions: 254COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 74%
                                            			E052003E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x52cd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E05200548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0521B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E051EB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x52c7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E051F7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E051F7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E05257016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E05219830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E052569A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x52c7c04 != 0) {
						_t118 = _v12;
						_t120 = E0525A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x52c7bd8;
						if( *0x52c7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E052195D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E052199A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E05253540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E051DB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0521AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x52c8474 - 3;
										if( *0x52c8474 != 3) {
											 *0x52c79dc =  *0x52c79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E051F7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E051F7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E05257016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x52c8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x52c7b00; // 0x0
							asm("ror esi, cl");
							 *0x52cb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E052195D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E051E7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                            0x052003f1
                                            0x052003f7
                                            0x052003f9
                                            0x052003fb
                                            0x052003fd
                                            0x05200400
                                            0x0520040a
                                            0x05244c7a
                                            0x05200537
                                            0x05200547
                                            0x05200410
                                            0x05200410
                                            0x05200414
                                            0x05200417
                                            0x0520041a
                                            0x05200421
                                            0x05200424
                                            0x0520042b
                                            0x0520043b
                                            0x0520043e
                                            0x0520043f
                                            0x0520043f
                                            0x05200446
                                            0x05200449
                                            0x0520044c
                                            0x0520044f
                                            0x05200459
                                            0x05244c8d
                                            0x0520045f
                                            0x0520045f
                                            0x0520045f
                                            0x05200467
                                            0x05244c97
                                            0x05244c9d
                                            0x05244ca4
                                            0x05244caa
                                            0x05244caf
                                            0x05244cb1
                                            0x05244cc3
                                            0x05244cb3
                                            0x05244cbc
                                            0x05244cbc
                                            0x05244cc8
                                            0x05244ccb
                                            0x05244cd7
                                            0x05244cda
                                            0x05244cdf
                                            0x05244cdf
                                            0x05244ccb
                                            0x05244ca4
                                            0x0520046d
                                            0x0520046f
                                            0x0520046f
                                            0x05200471
                                            0x05200476
                                            0x0520047a
                                            0x0520047b
                                            0x05200483
                                            0x05200489
                                            0x0520048d
                                            0x00000000
                                            0x00000000
                                            0x05244ce9
                                            0x05244cef
                                            0x05244d22
                                            0x05244d22
                                            0x00000000
                                            0x05244d22
                                            0x05244cf1
                                            0x05244cf7
                                            0x00000000
                                            0x00000000
                                            0x05244cf9
                                            0x05244cff
                                            0x00000000
                                            0x00000000
                                            0x05244d05
                                            0x05244d07
                                            0x00000000
                                            0x00000000
                                            0x05244d0d
                                            0x05244d0f
                                            0x05244d14
                                            0x05244d16
                                            0x00000000
                                            0x00000000
                                            0x05244d1c
                                            0x05244d1c
                                            0x05200499
                                            0x05200535
                                            0x05200535
                                            0x00000000
                                            0x05200535
                                            0x052004a6
                                            0x05244d2c
                                            0x05244d37
                                            0x05244d39
                                            0x05244d3b
                                            0x00000000
                                            0x00000000
                                            0x05244d41
                                            0x05244d48
                                            0x05200527
                                            0x0520052b
                                            0x0520052d
                                            0x05200530
                                            0x05200530
                                            0x00000000
                                            0x0520052b
                                            0x05244d4e
                                            0x052004ac
                                            0x052004ac
                                            0x052004af
                                            0x052004b2
                                            0x052004b7
                                            0x052004b9
                                            0x052004bb
                                            0x052004bd
                                            0x052004bf
                                            0x052004c5
                                            0x052004c9
                                            0x05244d53
                                            0x05244d59
                                            0x05244db9
                                            0x05244dba
                                            0x05244dbf
                                            0x05244dc2
                                            0x05244dc4
                                            0x05244dc7
                                            0x05244dce
                                            0x00000000
                                            0x05244dce
                                            0x05244d5b
                                            0x05244d61
                                            0x00000000
                                            0x00000000
                                            0x05244d63
                                            0x05244d69
                                            0x00000000
                                            0x00000000
                                            0x05244d6b
                                            0x05244d6e
                                            0x05244d74
                                            0x05244d76
                                            0x05244d7c
                                            0x05244d7e
                                            0x05244d84
                                            0x05244d89
                                            0x05244d8c
                                            0x05244d8d
                                            0x05244d92
                                            0x05244d95
                                            0x05244d96
                                            0x05244d98
                                            0x05244d9a
                                            0x05244d9f
                                            0x05244da4
                                            0x05244da6
                                            0x05244da8
                                            0x05244daf
                                            0x05244db1
                                            0x05244db1
                                            0x05244daf
                                            0x05244da6
                                            0x05244d84
                                            0x05244d7c
                                            0x00000000
                                            0x05244d74
                                            0x052004d6
                                            0x05244de1
                                            0x052004dc
                                            0x052004dc
                                            0x052004dc
                                            0x052004e4
                                            0x05244deb
                                            0x05244df1
                                            0x05244df8
                                            0x05244dfe
                                            0x05244e03
                                            0x05244e05
                                            0x05244e17
                                            0x05244e07
                                            0x05244e10
                                            0x05244e10
                                            0x05244e1c
                                            0x05244e1f
                                            0x05244e35
                                            0x05244e35
                                            0x05244e1f
                                            0x05244df8
                                            0x052004f1
                                            0x052004fa
                                            0x05244e3f
                                            0x05244e47
                                            0x05244e5b
                                            0x05244e61
                                            0x05244e67
                                            0x05244e69
                                            0x05244e71
                                            0x05244e73
                                            0x05200500
                                            0x05200500
                                            0x05200500
                                            0x052004fa
                                            0x05200508
                                            0x0520051d
                                            0x0520051d
                                            0x0520051f
                                            0x05200524
                                            0x00000000
                                            0x05200524
                                            0x05200515
                                            0x05200517
                                            0x05244e7a
                                            0x05244e7c
                                            0x00000000
                                            0x00000000
                                            0x05244e85
                                            0x00000000
                                            0x05244e85
                                            0x00000000
                                            0x05200517

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 405bd91b2cc3bc81f7bff388ab4a3ea17fce10887100d48a0b8e803580f7cb88
                                            • Instruction ID: 2356d0aa4b4f0a23770f10268afb9dfbcdd15f46517bfef9a73bd4ce5c1435ab
                                            • Opcode Fuzzy Hash: 405bd91b2cc3bc81f7bff388ab4a3ea17fce10887100d48a0b8e803580f7cb88
                                            • Instruction Fuzzy Hash: 05913231F25655EBEF25AA68C84CBBE7BA1FF01720F050261E915AB2D2DB749D00CBC5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DC600 Relevance: .2, Instructions: 225COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E051DC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x52cd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E051E6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0521B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x52c7b9c; // 0x0
					_t74 = L051F4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E05219650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L051F77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0521F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E052113C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L051F77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E05219650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                            0x051dc608
                                            0x051dc615
                                            0x051dc625
                                            0x051dc62d
                                            0x051dc635
                                            0x051dc640
                                            0x051dc680
                                            0x051dc687
                                            0x051dc688
                                            0x051dc689
                                            0x051dc694
                                            0x051dc694
                                            0x051dc642
                                            0x051dc64a
                                            0x051dc697
                                            0x05247a25
                                            0x05247a2b
                                            0x05247a2e
                                            0x05247a30
                                            0x05247bea
                                            0x05247bea
                                            0x00000000
                                            0x05247bea
                                            0x05247a36
                                            0x05247a43
                                            0x05247a48
                                            0x05247a4c
                                            0x05247a4e
                                            0x00000000
                                            0x00000000
                                            0x05247a58
                                            0x05247a5a
                                            0x05247a5b
                                            0x05247a5c
                                            0x05247a5d
                                            0x05247a63
                                            0x05247a64
                                            0x05247a6a
                                            0x05247a6c
                                            0x05247a6e
                                            0x052479cb
                                            0x052479cb
                                            0x052479ce
                                            0x052479d0
                                            0x05247a98
                                            0x05247a9b
                                            0x05247a9b
                                            0x05247a9e
                                            0x05247aa1
                                            0x05247bbe
                                            0x05247bbe
                                            0x05247bc0
                                            0x05247be0
                                            0x05247be0
                                            0x05247a01
                                            0x05247a01
                                            0x05247a05
                                            0x05247a07
                                            0x05247a15
                                            0x05247a15
                                            0x05247a1a
                                            0x00000000
                                            0x05247a1a
                                            0x05247bc2
                                            0x05247bc6
                                            0x05247bc9
                                            0x05247bcd
                                            0x05247bcf
                                            0x052479e6
                                            0x052479e6
                                            0x052479eb
                                            0x052479eb
                                            0x052479ef
                                            0x052479f1
                                            0x00000000
                                            0x00000000
                                            0x052479f3
                                            0x052479f5
                                            0x052479ff
                                            0x052479ff
                                            0x00000000
                                            0x052479ff
                                            0x052479f7
                                            0x052479fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x052479fd
                                            0x05247bd5
                                            0x05247bd8
                                            0x00000000
                                            0x00000000
                                            0x05247ba9
                                            0x05247bac
                                            0x05247bb0
                                            0x05247bb1
                                            0x05247bb1
                                            0x05247bb6
                                            0x00000000
                                            0x05247bb6
                                            0x05247aa7
                                            0x05247aaa
                                            0x00000000
                                            0x00000000
                                            0x05247ab2
                                            0x05247ab3
                                            0x05247ab5
                                            0x05247aec
                                            0x05247aef
                                            0x05247b25
                                            0x05247b28
                                            0x05247b62
                                            0x05247b64
                                            0x05247b8f
                                            0x05247b92
                                            0x05247b96
                                            0x05247b98
                                            0x00000000
                                            0x00000000
                                            0x05247b9e
                                            0x05247b9f
                                            0x05247ba3
                                            0x00000000
                                            0x05247ba3
                                            0x05247b66
                                            0x05247b68
                                            0x05247ae2
                                            0x05247ae2
                                            0x00000000
                                            0x05247ae2
                                            0x05247b6e
                                            0x05247b72
                                            0x05247b75
                                            0x05247b81
                                            0x05247b85
                                            0x05247b87
                                            0x00000000
                                            0x00000000
                                            0x05247b31
                                            0x05247b34
                                            0x05247b3c
                                            0x05247b45
                                            0x05247b46
                                            0x05247b4f
                                            0x05247b51
                                            0x05247b57
                                            0x05247b59
                                            0x05247b59
                                            0x00000000
                                            0x05247b59
                                            0x05247b77
                                            0x00000000
                                            0x05247b77
                                            0x05247b2a
                                            0x00000000
                                            0x05247b2a
                                            0x05247af1
                                            0x05247af3
                                            0x00000000
                                            0x00000000
                                            0x05247afb
                                            0x05247afc
                                            0x05247afe
                                            0x00000000
                                            0x00000000
                                            0x05247b00
                                            0x05247b03
                                            0x00000000
                                            0x00000000
                                            0x05247b05
                                            0x05247b09
                                            0x05247b0d
                                            0x05247b0f
                                            0x00000000
                                            0x00000000
                                            0x05247b18
                                            0x05247b1d
                                            0x00000000
                                            0x05247b1d
                                            0x05247ab7
                                            0x05247ab9
                                            0x00000000
                                            0x00000000
                                            0x05247abf
                                            0x05247ac1
                                            0x00000000
                                            0x00000000
                                            0x05247ac3
                                            0x05247ac6
                                            0x00000000
                                            0x00000000
                                            0x05247ac8
                                            0x05247acc
                                            0x05247ad0
                                            0x05247ad2
                                            0x00000000
                                            0x00000000
                                            0x05247adb
                                            0x00000000
                                            0x05247adb
                                            0x052479d6
                                            0x052479d9
                                            0x052479dc
                                            0x05247a91
                                            0x05247a94
                                            0x00000000
                                            0x05247a94
                                            0x052479e2
                                            0x00000000
                                            0x052479e2
                                            0x05247a74
                                            0x05247a7a
                                            0x00000000
                                            0x00000000
                                            0x05247a8a
                                            0x05247a21
                                            0x05247a21
                                            0x00000000
                                            0x05247a21
                                            0x051dc650
                                            0x051dc651
                                            0x051dc656
                                            0x051dc65c
                                            0x051dc65d
                                            0x051dc663
                                            0x051dc664
                                            0x051dc66a
                                            0x051dc66e
                                            0x052479c5
                                            0x052479c7
                                            0x00000000
                                            0x052479c7
                                            0x051dc67a
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8861c757a0d4ddfcdaebab07f38944bb4bc68c5e2b3718920d48e4a81b16a198
                                            • Instruction ID: 478359b37da56b364070fb9eae8b25621cead149bfd962481eefb7536a8efe55
                                            • Opcode Fuzzy Hash: 8861c757a0d4ddfcdaebab07f38944bb4bc68c5e2b3718920d48e4a81b16a198
                                            • Instruction Fuzzy Hash: E38192756682428BCB29CE14C980E7BB3E5FF84354F1C481AED699B241D330DD42CFA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05256DC9 Relevance: .2, Instructions: 199COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E05256DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E05256B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E051F7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E05219AE0();
					_t87 = L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0525795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0525795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0525795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0525795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L051F4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E05256B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E05256B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E05256B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E05256B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E051F7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E05219AE0();
								L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L051F2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L051F2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L051F2400( &_v52);
							}
							if(_v28 >= 0) {
								return L051F2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                            0x05256dd4
                                            0x05256dde
                                            0x05256de1
                                            0x05256de3
                                            0x05256de6
                                            0x05256de9
                                            0x05256dec
                                            0x05256def
                                            0x05256df2
                                            0x05256df5
                                            0x05256dfe
                                            0x05256e04
                                            0x05256e09
                                            0x05256e0d
                                            0x05256e18
                                            0x05256e1b
                                            0x05256e22
                                            0x05256e2d
                                            0x05256e30
                                            0x05256e36
                                            0x05256e42
                                            0x05256e4d
                                            0x05256e50
                                            0x05256e55
                                            0x05256e5c
                                            0x05256e6e
                                            0x05256e5e
                                            0x05256e67
                                            0x05256e67
                                            0x05256e73
                                            0x05256e74
                                            0x05256e77
                                            0x05256e7c
                                            0x05256e7d
                                            0x05256e8e
                                            0x05256e93
                                            0x05256e9c
                                            0x05256ea8
                                            0x05256eab
                                            0x05256eac
                                            0x05256eb3
                                            0x05256ecd
                                            0x05256edc
                                            0x05256ee2
                                            0x05256ee5
                                            0x05256ef2
                                            0x05256efb
                                            0x05256f01
                                            0x05256f06
                                            0x05256f0b
                                            0x05256f11
                                            0x05256f1a
                                            0x05256f22
                                            0x05256f26
                                            0x05256f26
                                            0x05256f33
                                            0x05256f41
                                            0x05256f44
                                            0x05256f47
                                            0x05256f54
                                            0x05256f65
                                            0x05256f77
                                            0x05256f7c
                                            0x05256f82
                                            0x05256f91
                                            0x05256f99
                                            0x05256fa3
                                            0x05256fae
                                            0x05256fae
                                            0x05256fba
                                            0x05256fbb
                                            0x05256fbc
                                            0x05256fc1
                                            0x05256fc2
                                            0x05256fd3
                                            0x05256fd8
                                            0x05256fd8
                                            0x05256fdf
                                            0x05256fe8
                                            0x05256fee
                                            0x05256fee
                                            0x05256ff5
                                            0x05256ffb
                                            0x05256ffb
                                            0x05257004
                                            0x00000000
                                            0x0525700a
                                            0x05257004
                                            0x05256eb3
                                            0x05256e9c
                                            0x05257015

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                            • Instruction ID: 4b37866a1cc7da4a43e77c3c3b00bbfb7e3bdaa53dd41fdc6e3c53462db056a6
                                            • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                            • Instruction Fuzzy Hash: E7716D71E10219EFCB11DFA5C984EEEBBB9FF48710F144169E909E7251DB34AA41CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0526B8D0 Relevance: .2, Instructions: 199COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 39%
                                            			E0526B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x52c7b9c; // 0x0
				_t124 = L051F4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E05219800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E052195B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E052195D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L051F77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E05219910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E052195D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x52c7b9c; // 0x0
									_t92 = L051F4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E05219910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E051DA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0526E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0526E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E052195B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                            0x0526b8d9
                                            0x0526b8e4
                                            0x00000000
                                            0x0526b8e6
                                            0x0526b8f3
                                            0x0526b8f5
                                            0x0526b8f5
                                            0x0526b8f8
                                            0x0526b920
                                            0x0526b924
                                            0x0526b936
                                            0x0526b939
                                            0x0526b93d
                                            0x0526b948
                                            0x0526b9a0
                                            0x0526b9a0
                                            0x0526b9a4
                                            0x0526b9bf
                                            0x0526b9c4
                                            0x0526b9c6
                                            0x0526b9cd
                                            0x0526b9d1
                                            0x0526bad4
                                            0x0526bad8
                                            0x0526bada
                                            0x0526badc
                                            0x0526badc
                                            0x0526badf
                                            0x0526bae0
                                            0x0526bae2
                                            0x0526bae4
                                            0x0526baec
                                            0x0526baee
                                            0x0526baf0
                                            0x0526baf0
                                            0x0526baec
                                            0x0526bafb
                                            0x0526bafc
                                            0x0526bafe
                                            0x0526bb01
                                            0x0526bb01
                                            0x00000000
                                            0x0526bb06
                                            0x0526b9d7
                                            0x0526b9db
                                            0x0526b9db
                                            0x0526b9de
                                            0x0526b9de
                                            0x0526b9e4
                                            0x0526b9e7
                                            0x0526b9ea
                                            0x0526b9ec
                                            0x0526b9ef
                                            0x0526b9f3
                                            0x0526ba1b
                                            0x0526ba1b
                                            0x0526ba23
                                            0x0526ba24
                                            0x0526ba27
                                            0x0526ba2a
                                            0x0526ba2b
                                            0x0526ba2e
                                            0x0526ba30
                                            0x0526ba37
                                            0x0526ba3f
                                            0x0526ba9c
                                            0x0526baa2
                                            0x0526bb13
                                            0x0526bb15
                                            0x0526baae
                                            0x0526baae
                                            0x0526bab3
                                            0x0526bab5
                                            0x0526baba
                                            0x0526bac8
                                            0x0526bac8
                                            0x0526baba
                                            0x0526bacd
                                            0x0526bacf
                                            0x00000000
                                            0x0526bacf
                                            0x0526bb1a
                                            0x00000000
                                            0x0526bb1c
                                            0x0526baa7
                                            0x0526bb11
                                            0x00000000
                                            0x0526bb11
                                            0x0526baa9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0526ba41
                                            0x0526ba41
                                            0x0526ba41
                                            0x0526ba58
                                            0x0526ba5d
                                            0x0526ba62
                                            0x00000000
                                            0x00000000
                                            0x0526ba64
                                            0x0526ba67
                                            0x0526ba68
                                            0x0526ba69
                                            0x0526ba6c
                                            0x0526ba6f
                                            0x0526ba71
                                            0x0526ba78
                                            0x0526ba80
                                            0x00000000
                                            0x00000000
                                            0x0526ba90
                                            0x0526ba90
                                            0x0526ba97
                                            0x00000000
                                            0x0526ba97
                                            0x0526b9f5
                                            0x0526b9f7
                                            0x0526b9f7
                                            0x0526b9fa
                                            0x0526ba03
                                            0x0526ba07
                                            0x0526ba0c
                                            0x0526ba10
                                            0x0526ba17
                                            0x00000000
                                            0x0526b9f7
                                            0x0526b9a6
                                            0x0526b9a8
                                            0x0526b9af
                                            0x0526b9b3
                                            0x00000000
                                            0x00000000
                                            0x0526b9b9
                                            0x00000000
                                            0x0526b9b9
                                            0x0526b94d
                                            0x0526b98f
                                            0x0526b995
                                            0x0526b999
                                            0x0526b960
                                            0x0526b967
                                            0x0526b968
                                            0x0526b96a
                                            0x00000000
                                            0x0526b96a
                                            0x0526b99b
                                            0x0526b99e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0526b99e
                                            0x0526b951
                                            0x0526b954
                                            0x0526b95a
                                            0x0526b95e
                                            0x0526b972
                                            0x0526b979
                                            0x0526b97d
                                            0x0526b97f
                                            0x0526b980
                                            0x0526b982
                                            0x0526b984
                                            0x00000000
                                            0x0526b984
                                            0x00000000
                                            0x0526b926
                                            0x00000000
                                            0x0526b926

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: de566abe61854988451b445fdff4a2b4210017e33d32dd536c9b6bbc680bc1ac
                                            • Instruction ID: e13c40aae8c6dd857e53983d96e3b9037225c29033210499377c9474839a5b3c
                                            • Opcode Fuzzy Hash: de566abe61854988451b445fdff4a2b4210017e33d32dd536c9b6bbc680bc1ac
                                            • Instruction Fuzzy Hash: E771FE36220702AFD722DF14C888F66B7E6FF44720F144528EA5AC72E0DBB1E981CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051D52A5 Relevance: .2, Instructions: 161COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 78%
                                            			E051D52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E051EEEF0(0x52c79a0);
					_t104 =  *0x52c8210; // 0x902ce8
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E051EEB70(_t93, 0x52c79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E05219890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E051EEEF0(0x52c79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E051EEB70(0, 0x52c79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x902cf5
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0520F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E051EEEF0(0x52c79a0);
									__eflags =  *0x52c8210 - _t104; // 0x902ce8
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x52c8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E05254888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E051EEB70(_t95, 0x52c79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E052195D0();
											L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E052195D0();
											L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E051EEB70(_t93, 0x52c79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E052195D0();
										L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E052195D0();
										L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0520F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                            0x051d52a5
                                            0x051d52ad
                                            0x051d52b0
                                            0x051d52b3
                                            0x051d52b7
                                            0x051d52ba
                                            0x051d52bf
                                            0x051d52c4
                                            0x051d52cc
                                            0x00000000
                                            0x00000000
                                            0x051d52ce
                                            0x051d52d9
                                            0x051d52dd
                                            0x051d52e7
                                            0x051d52f7
                                            0x051d52f9
                                            0x051d52fd
                                            0x05230dcf
                                            0x05230dd5
                                            0x05230dd6
                                            0x05230dd7
                                            0x05230dd8
                                            0x05230dd9
                                            0x05230dde
                                            0x05230ddf
                                            0x05230de0
                                            0x05230de1
                                            0x05230de2
                                            0x05230de5
                                            0x05230dea
                                            0x05230dec
                                            0x05230f60
                                            0x05230f64
                                            0x05230f70
                                            0x05230f76
                                            0x05230f79
                                            0x05230f79
                                            0x00000000
                                            0x05230f64
                                            0x05230df2
                                            0x05230df7
                                            0x05230e04
                                            0x05230e0d
                                            0x05230e0d
                                            0x05230e10
                                            0x05230e1a
                                            0x05230e1c
                                            0x05230e4c
                                            0x05230e52
                                            0x05230e61
                                            0x05230e67
                                            0x05230e6b
                                            0x05230e70
                                            0x05230e76
                                            0x05230ed7
                                            0x05230edc
                                            0x05230ee0
                                            0x05230ee6
                                            0x05230eea
                                            0x05230eed
                                            0x05230ef0
                                            0x05230ef3
                                            0x05230ef6
                                            0x05230ef9
                                            0x05230efe
                                            0x05230f01
                                            0x05230f01
                                            0x05230f0b
                                            0x05230f12
                                            0x05230f16
                                            0x05230f18
                                            0x05230f1b
                                            0x05230f2c
                                            0x05230f31
                                            0x05230f31
                                            0x05230f35
                                            0x05230f39
                                            0x05230f3a
                                            0x05230f3c
                                            0x05230f3f
                                            0x05230f50
                                            0x05230f55
                                            0x05230f55
                                            0x05230f59
                                            0x051d52eb
                                            0x051d52f1
                                            0x051d52f1
                                            0x05230e7d
                                            0x05230e84
                                            0x05230e88
                                            0x05230e8a
                                            0x05230e8d
                                            0x05230e9e
                                            0x05230ea3
                                            0x05230ea3
                                            0x05230ea7
                                            0x05230eaf
                                            0x05230eb3
                                            0x05230eb9
                                            0x05230eb9
                                            0x05230ebc
                                            0x05230ecd
                                            0x05230ecd
                                            0x00000000
                                            0x05230eb3
                                            0x05230e21
                                            0x05230e2b
                                            0x05230e2f
                                            0x05230e30
                                            0x05230e3a
                                            0x05230e3f
                                            0x05230e41
                                            0x00000000
                                            0x00000000
                                            0x05230e47
                                            0x00000000
                                            0x05230e47
                                            0x05230df9
                                            0x05230dfe
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05230dfe
                                            0x051d5303
                                            0x051d5307
                                            0x00000000
                                            0x051d5309
                                            0x00000000
                                            0x051d5309
                                            0x051d5307
                                            0x051d52e9
                                            0x051d52e9
                                            0x00000000
                                            0x051d52e9
                                            0x051d530e
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bedea8337e1e26cd26b7accc249b7208d2b5f8b74eff64e2223b4af4afa2fd82
                                            • Instruction ID: bdd58406adbb4f5b85017f1f1f07b7f3f94832bbcafb576a487b8ff936e06441
                                            • Opcode Fuzzy Hash: bedea8337e1e26cd26b7accc249b7208d2b5f8b74eff64e2223b4af4afa2fd82
                                            • Instruction Fuzzy Hash: E251DF71255742EBC321EF28C849B27BBE6FF50710F150A1EE49587652E770E848CBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05202AE4 Relevance: .2, Instructions: 159COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E05202AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x52c8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x52c8208; // 0x52c8207
				_t8 = _t57 + 0x52c8208; // 0x52c8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x52c8450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x52c821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x52c6d5c; // 0xff600654
							_t72 =  *0x52c6d5c; // 0xff600654
							_t75 =  *0x52c6d5c; // 0xff600654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x52c6d5c; // 0xff600654
							_t84 =  *0x52c6d5c; // 0xff600654
							_t87 =  *0x52c6d5c; // 0xff600654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0521F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                            0x05202ae4
                                            0x05202aec
                                            0x05202aef
                                            0x05202af4
                                            0x05202af7
                                            0x05202afd
                                            0x05202b92
                                            0x05202b92
                                            0x05202b97
                                            0x05202b9c
                                            0x05202b9c
                                            0x05202b03
                                            0x05202b06
                                            0x05202b09
                                            0x05202b09
                                            0x05202b0f
                                            0x05202b15
                                            0x05202b15
                                            0x05202b1b
                                            0x05202b1e
                                            0x05202b21
                                            0x05202b26
                                            0x05202b29
                                            0x05202b81
                                            0x05202b84
                                            0x05202c0e
                                            0x05202c15
                                            0x05202c24
                                            0x05202c24
                                            0x05202b8a
                                            0x05202b8a
                                            0x05202b8a
                                            0x05202b8a
                                            0x05202b90
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05202b4a
                                            0x05202b4a
                                            0x05202b4d
                                            0x05202b53
                                            0x00000000
                                            0x00000000
                                            0x05202b55
                                            0x05202b58
                                            0x05202bb7
                                            0x05245d1b
                                            0x05245d37
                                            0x05245d47
                                            0x05245d53
                                            0x05202bbd
                                            0x05202bbd
                                            0x05202bbd
                                            0x05202bb7
                                            0x05202b5d
                                            0x05202c2f
                                            0x05245d5b
                                            0x05245d77
                                            0x05245d87
                                            0x05245d93
                                            0x05202c35
                                            0x05202c35
                                            0x05202c35
                                            0x05202c2f
                                            0x05202b65
                                            0x05202b9f
                                            0x05202ba2
                                            0x05202b67
                                            0x05202b67
                                            0x05202b69
                                            0x05202b6b
                                            0x05202b6e
                                            0x05202bc9
                                            0x05202bcc
                                            0x05202bcf
                                            0x05202bd4
                                            0x05202bd6
                                            0x05202bd6
                                            0x05202bdb
                                            0x05202c02
                                            0x05202c05
                                            0x05202c07
                                            0x00000000
                                            0x05202c07
                                            0x05202be0
                                            0x05202c00
                                            0x05202c3f
                                            0x05202c3f
                                            0x00000000
                                            0x05202c00
                                            0x05202be5
                                            0x05202be7
                                            0x05202bec
                                            0x05202bf4
                                            0x05202bf6
                                            0x00000000
                                            0x05202bf6
                                            0x05202b70
                                            0x05202b76
                                            0x05202b2b
                                            0x05202b2b
                                            0x05202b2d
                                            0x05202b2f
                                            0x05202b32
                                            0x05202b35
                                            0x05202b3a
                                            0x00000000
                                            0x05202b40
                                            0x05202b43
                                            0x05202b45
                                            0x05202b47
                                            0x05202b4a
                                            0x05202b4d
                                            0x05202b53
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05202b53
                                            0x05202b78
                                            0x05202b78
                                            0x05202b7b
                                            0x05202b7e
                                            0x00000000
                                            0x05202b7e
                                            0x05202b76
                                            0x05202ba5
                                            0x05202ba5
                                            0x05202ba8
                                            0x05202bad
                                            0x00000000
                                            0x00000000
                                            0x05202baf
                                            0x05202baf
                                            0x05202bc2
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 55108dba4dea29f2bd759bbd0bc494f299cdc27138c624165df77fe9e53924fb
                                            • Instruction ID: ceab8830835c6761922f4bd324553503ae729d8c008e2dbf97fe1ba8932dcd9a
                                            • Opcode Fuzzy Hash: 55108dba4dea29f2bd759bbd0bc494f299cdc27138c624165df77fe9e53924fb
                                            • Instruction Fuzzy Hash: 1F51C77AB21125CFC714DF1CC488ABDB7B6FF88700716845BE846AB396D734A941C790
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0529AE44 Relevance: .2, Instructions: 152COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E0529AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0529C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0529ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0529FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0529EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E051F7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E05291608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E052A1536(0x52c8ae4, (_t74 -  *0x52c8b04 >> 0x14) + (_t74 -  *0x52c8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0529C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0529A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0527CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0529ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                            0x0529ae44
                                            0x0529ae4c
                                            0x0529ae53
                                            0x0529ae55
                                            0x0529ae5c
                                            0x0529ae64
                                            0x0529ae68
                                            0x0529ae75
                                            0x0529ae75
                                            0x0529ae78
                                            0x0529ae7a
                                            0x0529ae7c
                                            0x0529ae7f
                                            0x0529aea8
                                            0x0529aeab
                                            0x0529aead
                                            0x00000000
                                            0x00000000
                                            0x0529aeb3
                                            0x0529aeb8
                                            0x0529aebb
                                            0x0529aebd
                                            0x00000000
                                            0x0529ae81
                                            0x0529ae88
                                            0x0529ae8f
                                            0x0529ae9b
                                            0x0529ae96
                                            0x0529ae96
                                            0x0529ae96
                                            0x0529aea0
                                            0x0529aea3
                                            0x0529aebf
                                            0x0529aebf
                                            0x0529aec3
                                            0x0529aec9
                                            0x0529af0d
                                            0x0529af14
                                            0x0529af3d
                                            0x0529af3d
                                            0x0529af41
                                            0x0529af44
                                            0x0529af67
                                            0x0529af67
                                            0x0529af6a
                                            0x0529afca
                                            0x0529afd1
                                            0x00000000
                                            0x0529afd1
                                            0x0529af6c
                                            0x0529af6d
                                            0x0529af75
                                            0x0529af7c
                                            0x0529af7e
                                            0x0529af80
                                            0x0529af85
                                            0x0529af87
                                            0x0529af99
                                            0x0529af89
                                            0x0529af92
                                            0x0529af92
                                            0x0529af9e
                                            0x0529afa1
                                            0x0529afa3
                                            0x0529afa9
                                            0x0529afb0
                                            0x0529afb2
                                            0x0529afb4
                                            0x0529afbc
                                            0x0529afbc
                                            0x0529afb4
                                            0x0529afb0
                                            0x00000000
                                            0x0529afa1
                                            0x0529af4f
                                            0x0529af57
                                            0x0529af5c
                                            0x0529af5e
                                            0x00000000
                                            0x00000000
                                            0x0529af60
                                            0x0529af64
                                            0x0529af64
                                            0x00000000
                                            0x0529af64
                                            0x0529af1a
                                            0x0529af25
                                            0x00000000
                                            0x00000000
                                            0x0529af27
                                            0x0529af28
                                            0x0529af33
                                            0x00000000
                                            0x0529aed0
                                            0x0529aed0
                                            0x0529aed2
                                            0x0529aee1
                                            0x0529aee4
                                            0x00000000
                                            0x00000000
                                            0x0529aee6
                                            0x0529aeec
                                            0x00000000
                                            0x00000000
                                            0x0529aefb
                                            0x0529af07
                                            0x0529afd3
                                            0x0529afdb
                                            0x0529afdb
                                            0x00000000
                                            0x0529af07
                                            0x0529aed6
                                            0x0529aed8
                                            0x0529aedf
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0529aedf
                                            0x0529aec9

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1c68b852a12368f2436a37e0119abc6f8a513ac9c25fedeecf6fc471ba33d167
                                            • Instruction ID: ccba08130b2cad4978a5ddb80ce6633fa3ef40cca3bccada9d489f03d64bed94
                                            • Opcode Fuzzy Hash: 1c68b852a12368f2436a37e0119abc6f8a513ac9c25fedeecf6fc471ba33d167
                                            • Instruction Fuzzy Hash: 8841C5B17243125BCF2EDA29C898B7BB79AFF84620F04422DF85B87790DB75D801C691
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051FDBE9 Relevance: .1, Instructions: 149COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E051FDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E051DCC50(E051D4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E051F7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E052A8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E051F2280(_t58, _v44);
						E051FDD82(_v44, _t102, _t98);
						E051FB944(_t102, _v5);
						return E051EFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x52c8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x52c862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x52c8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x52c862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x529fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                            0x051fdbe9
                                            0x051fdbf2
                                            0x051fdbf7
                                            0x051fdbf9
                                            0x051fdbfc
                                            0x051fdc00
                                            0x051fdc03
                                            0x051fdc14
                                            0x051fdd54
                                            0x051fdd54
                                            0x051fdd54
                                            0x051fdc18
                                            0x051fdc1d
                                            0x051fdc1d
                                            0x051fdc32
                                            0x051fdc3b
                                            0x051fdc3e
                                            0x051fdc46
                                            0x051fdd5b
                                            0x051fdd62
                                            0x051fdd64
                                            0x051fdd67
                                            0x051fdd69
                                            0x051fdd6b
                                            0x051fdd6e
                                            0x051fdd70
                                            0x051fdd73
                                            0x051fdd73
                                            0x00000000
                                            0x051fdc4c
                                            0x051fdc4e
                                            0x05243ae3
                                            0x05243ae8
                                            0x05243aea
                                            0x051fdce7
                                            0x051fdce9
                                            0x051fdcec
                                            0x051fdcee
                                            0x051fdcf0
                                            0x051fdcf3
                                            0x051fdcf5
                                            0x05243af2
                                            0x05243af5
                                            0x05243af5
                                            0x051fdd06
                                            0x051fdd08
                                            0x051fdd0b
                                            0x051fdd12
                                            0x05243b08
                                            0x051fdd18
                                            0x051fdd18
                                            0x051fdd18
                                            0x051fdd20
                                            0x051fdd23
                                            0x05243b16
                                            0x05243b16
                                            0x051fdd29
                                            0x051fdd2d
                                            0x051fdd36
                                            0x051fdd40
                                            0x051fdd51
                                            0x051fdd51
                                            0x051fdc54
                                            0x051fdc59
                                            0x051fdc59
                                            0x051fdc5e
                                            0x051fdc5e
                                            0x051fdc63
                                            0x051fdc66
                                            0x051fdc6b
                                            0x051fdc78
                                            0x051fdc7b
                                            0x051fdc81
                                            0x051fdc81
                                            0x051fdc83
                                            0x051fdc89
                                            0x00000000
                                            0x00000000
                                            0x051fdd7b
                                            0x051fdd7b
                                            0x051fdc8f
                                            0x051fdc8f
                                            0x051fdc92
                                            0x051fdc99
                                            0x051fdc9f
                                            0x051fdca5
                                            0x051fdcaa
                                            0x051fdcaa
                                            0x051fdcb3
                                            0x051fdcb8
                                            0x051fdcbb
                                            0x051fdcc1
                                            0x051fdccf
                                            0x051fdcd2
                                            0x051fdcd5
                                            0x051fdcd7
                                            0x051fdcda
                                            0x051fdcdc
                                            0x051fdcdc
                                            0x051fdce2
                                            0x051fdce4
                                            0x00000000
                                            0x051fdce4

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 79e47a25ac8e3db9e25795db1de5bba7f4c711735b0700a02bd164b78491f3bb
                                            • Instruction ID: 75a253f77b96cd6c434695f1a88d37f631a2dc7d7a481dde2a8c66094079f8f0
                                            • Opcode Fuzzy Hash: 79e47a25ac8e3db9e25795db1de5bba7f4c711735b0700a02bd164b78491f3bb
                                            • Instruction Fuzzy Hash: 1D51C0B5A01215DFCB18CF68D480ABEFBF2BF88314F21855AD659E7384DB70A944CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051EEF40 Relevance: .1, Instructions: 147COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E051EEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E051D9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x774ac21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E051D2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                            0x051eef4b
                                            0x051eef4d
                                            0x051eef57
                                            0x051ef0bd
                                            0x051ef0c2
                                            0x051ef0d2
                                            0x051ef0d2
                                            0x051ef0c2
                                            0x051eef5d
                                            0x051eef5f
                                            0x051eef67
                                            0x051eef6a
                                            0x051eef6d
                                            0x051eef74
                                            0x051eef7f
                                            0x051eef82
                                            0x051eef82
                                            0x051eef86
                                            0x051eef88
                                            0x051eef8c
                                            0x051eef8f
                                            0x051eef8f
                                            0x051eef8f
                                            0x00000000
                                            0x051eef91
                                            0x051eef93
                                            0x051eefc4
                                            0x051eefc4
                                            0x051eefc4
                                            0x051eefca
                                            0x051eefd0
                                            0x051ef0a6
                                            0x00000000
                                            0x00000000
                                            0x051ef0af
                                            0x0523bb06
                                            0x0523bb0a
                                            0x051ef0b5
                                            0x051ef0b5
                                            0x051ef0b5
                                            0x051ef0b5
                                            0x00000000
                                            0x051eefd6
                                            0x051eefd9
                                            0x051ef0de
                                            0x051ef0e2
                                            0x051eefdf
                                            0x051eefdf
                                            0x051eefdf
                                            0x051eefe5
                                            0x0523bafc
                                            0x0523bafc
                                            0x051eefe5
                                            0x051eefeb
                                            0x051eefed
                                            0x051ef00f
                                            0x051ef011
                                            0x051ef01a
                                            0x051ef01d
                                            0x051ef021
                                            0x051ef028
                                            0x051ef029
                                            0x051ef029
                                            0x051ef02c
                                            0x00000000
                                            0x051ef02c
                                            0x051eeff3
                                            0x051eeff9
                                            0x051ef0ea
                                            0x051ef0ed
                                            0x051ef0ef
                                            0x00000000
                                            0x051ef0ef
                                            0x051ef003
                                            0x0523bb12
                                            0x051ef045
                                            0x051ef049
                                            0x051ef051
                                            0x051ef09e
                                            0x051ef0a0
                                            0x051ef0a0
                                            0x051ef09e
                                            0x051ef053
                                            0x051ef064
                                            0x051ef064
                                            0x051ef06b
                                            0x0523bb1a
                                            0x0523bb1a
                                            0x051ef071
                                            0x051ef071
                                            0x051ef07d
                                            0x051ef082
                                            0x051ef08f
                                            0x051ef08f
                                            0x051ef009
                                            0x051ef00d
                                            0x00000000
                                            0x051ef00d
                                            0x051eefd0
                                            0x051eef97
                                            0x051eefa5
                                            0x051eefaa
                                            0x00000000
                                            0x051eefac
                                            0x051eefac
                                            0x051eefac
                                            0x00000000
                                            0x051eefb2
                                            0x051ef036
                                            0x051ef03a
                                            0x051ef040
                                            0x051ef090
                                            0x00000000
                                            0x051ef092
                                            0x051ef042
                                            0x00000000
                                            0x051ef042
                                            0x051eefb7
                                            0x051eefb9
                                            0x051eefbc
                                            0x051eefb0
                                            0x051eefb0
                                            0x00000000
                                            0x051eefbe
                                            0x051eefbe
                                            0x051eefc1
                                            0x00000000
                                            0x051eefc1
                                            0x051eefbc
                                            0x051eefaa
                                            0x051eef91

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                            • Instruction ID: 3a2bfc055758d3044edef59e74edd3c7e4d7937e6dac56a593c56c223cc41927
                                            • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                            • Instruction Fuzzy Hash: A7511430E04A49DFDB25CF68C0D4BAEFBB3BF45314F1882A9D84657281D379A98AC751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A740D Relevance: .1, Instructions: 141COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E052A740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0522D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0521F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L051F4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L051F4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0521F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L051F4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                            0x052a740d
                                            0x052a740d
                                            0x052a7412
                                            0x052a7413
                                            0x052a7416
                                            0x052a7418
                                            0x052a741c
                                            0x052a741f
                                            0x052a7422
                                            0x052a7422
                                            0x052a7428
                                            0x052a742a
                                            0x052a742a
                                            0x052a7451
                                            0x052a7432
                                            0x052a744f
                                            0x052a744f
                                            0x00000000
                                            0x052a7434
                                            0x052a7438
                                            0x052a7443
                                            0x052a7517
                                            0x052a7517
                                            0x052a751a
                                            0x052a7535
                                            0x052a7520
                                            0x052a7527
                                            0x052a752c
                                            0x052a7531
                                            0x052a7533
                                            0x00000000
                                            0x052a7533
                                            0x00000000
                                            0x052a7531
                                            0x052a754b
                                            0x052a754f
                                            0x052a755c
                                            0x052a755c
                                            0x052a755f
                                            0x052a7560
                                            0x052a7561
                                            0x052a7562
                                            0x052a7563
                                            0x052a7568
                                            0x052a756a
                                            0x052a756c
                                            0x052a756d
                                            0x052a756d
                                            0x052a756f
                                            0x052a7572
                                            0x052a7574
                                            0x052a7577
                                            0x052a757c
                                            0x052a757f
                                            0x00000000
                                            0x052a7551
                                            0x052a7551
                                            0x052a7551
                                            0x052a7553
                                            0x052a7553
                                            0x052a7449
                                            0x052a7449
                                            0x052a744c
                                            0x052a744c
                                            0x00000000
                                            0x052a744c
                                            0x052a7443
                                            0x052a750e
                                            0x052a7514
                                            0x052a7514
                                            0x052a7455
                                            0x052a7469
                                            0x052a746d
                                            0x00000000
                                            0x052a7473
                                            0x052a7473
                                            0x052a7476
                                            0x052a7480
                                            0x052a7484
                                            0x052a748e
                                            0x052a7493
                                            0x052a7493
                                            0x052a7496
                                            0x052a7499
                                            0x052a74a1
                                            0x052a74b1
                                            0x052a74b5
                                            0x00000000
                                            0x052a74bb
                                            0x052a74c1
                                            0x052a74c1
                                            0x052a74c4
                                            0x052a74c5
                                            0x052a74c6
                                            0x052a74c7
                                            0x052a74c8
                                            0x052a74cd
                                            0x00000000
                                            0x052a74d3
                                            0x052a74d3
                                            0x052a74d6
                                            0x052a74d8
                                            0x052a74db
                                            0x052a74dd
                                            0x052a74e0
                                            0x052a74e7
                                            0x052a74ee
                                            0x052a74ee
                                            0x052a74f4
                                            0x052a74f9
                                            0x00000000
                                            0x052a74fb
                                            0x052a74fb
                                            0x052a74fd
                                            0x052a7500
                                            0x052a7503
                                            0x052a7505
                                            0x052a7505
                                            0x052a74f9
                                            0x00000000
                                            0x052a74cd
                                            0x052a74b5
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                            • Instruction ID: 6df211ef19434df1b31f166a5a2c111474d62a95e109bdf0b6237d5da65ebe7a
                                            • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                            • Instruction Fuzzy Hash: EE518A72610606EFCB15CF14C980A96BBB5FF45304F18C1BAE9099F212E371EA46CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05202990 Relevance: .1, Instructions: 133COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 97%
                                            			E05202990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x52aff00);
				E0522D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x51b1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0521E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x51b1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E052551BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x51b166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E05202AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E051E6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E05202C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E051EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E05202AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E05202C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E05202ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0522D0D1(_t62);
				goto L28;
			}





















                                            0x05202990
                                            0x05202992
                                            0x05202997
                                            0x052029a3
                                            0x052029a6
                                            0x052029ab
                                            0x052029ad
                                            0x052029b2
                                            0x05245c80
                                            0x052029b8
                                            0x052029b8
                                            0x052029bb
                                            0x052029c0
                                            0x052029c5
                                            0x052029c6
                                            0x052029c6
                                            0x052029cb
                                            0x00000000
                                            0x00000000
                                            0x052029cd
                                            0x052029d0
                                            0x052029d9
                                            0x052029db
                                            0x052029dd
                                            0x05202a7f
                                            0x05202a84
                                            0x05202a87
                                            0x05202a89
                                            0x05245ca1
                                            0x05245ca3
                                            0x00000000
                                            0x05202a8f
                                            0x05202a8f
                                            0x00000000
                                            0x05202a8f
                                            0x00000000
                                            0x052029e3
                                            0x052029e3
                                            0x052029e3
                                            0x00000000
                                            0x052029e3
                                            0x052029dd
                                            0x00000000
                                            0x052029db
                                            0x052029e6
                                            0x052029e9
                                            0x052029eb
                                            0x052029ed
                                            0x052029f3
                                            0x052029f5
                                            0x052029f8
                                            0x052029fa
                                            0x05202a97
                                            0x05202a9a
                                            0x05202a9d
                                            0x05202add
                                            0x00000000
                                            0x05202a9f
                                            0x05202aa2
                                            0x05202aa5
                                            0x05202aa8
                                            0x05202aab
                                            0x05245cab
                                            0x05245caf
                                            0x05245cc5
                                            0x05245cda
                                            0x05245cdc
                                            0x05245cdf
                                            0x05245ce5
                                            0x00000000
                                            0x05245ceb
                                            0x05245ced
                                            0x05245cee
                                            0x00000000
                                            0x05245cee
                                            0x05245cb1
                                            0x05245cb4
                                            0x05245cb9
                                            0x05245cbb
                                            0x00000000
                                            0x05245cbd
                                            0x05245cbd
                                            0x00000000
                                            0x05245cbd
                                            0x05245cbb
                                            0x05202ab1
                                            0x05202ab1
                                            0x05202ac4
                                            0x05202ac6
                                            0x05202ac6
                                            0x00000000
                                            0x05202ac6
                                            0x05202aab
                                            0x00000000
                                            0x05202a00
                                            0x05202a09
                                            0x05202a0e
                                            0x05202a21
                                            0x05202a24
                                            0x05202a35
                                            0x05202a3a
                                            0x05202a3d
                                            0x05202a42
                                            0x05202a59
                                            0x05202a59
                                            0x05202a5c
                                            0x05202a5f
                                            0x05202a5f
                                            0x052029fa
                                            0x052029f3
                                            0x05202a64
                                            0x05202a64
                                            0x05202a6b
                                            0x05202a6b
                                            0x05202a6d
                                            0x05202a72
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0fe0a5d083a5baaefb915f0cfad2d7a167bb069f8509c22616e5013282d1f526
                                            • Instruction ID: 68d44246a8e8edb0aec061d7a9443c5e5cfb0fe85c97c356cf0e05ab4bc3818c
                                            • Opcode Fuzzy Hash: 0fe0a5d083a5baaefb915f0cfad2d7a167bb069f8509c22616e5013282d1f526
                                            • Instruction Fuzzy Hash: E8517E75A2121ADFCF25CF54C888ADEBBB6FF08310F119056E805AB2A2D7759D52CF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05204D3B Relevance: .1, Instructions: 131COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 78%
                                            			E05204D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x52cd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0521FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x52c7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0521B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L051F4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E051DCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0521B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0521F380(_t67 + 0xc, 0x51b5138, 0x10) == 0) {
								 *0x52c60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E05204F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E05204E70(0x52c86b0, 0x5205690, 0, 0) != 0) {
					_t46 = E051DCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                            0x05204d3b
                                            0x05204d4d
                                            0x05204d53
                                            0x05204d58
                                            0x05204d65
                                            0x05204d6c
                                            0x05204d71
                                            0x05204d77
                                            0x05204d7f
                                            0x05204d8c
                                            0x05204d8e
                                            0x05204dad
                                            0x05204db0
                                            0x05204db7
                                            0x05204db8
                                            0x05204db9
                                            0x05204dba
                                            0x05204dbb
                                            0x05204dc1
                                            0x05204dc8
                                            0x05204dcc
                                            0x05204dd5
                                            0x05204dde
                                            0x05204ddf
                                            0x05204de0
                                            0x05204de1
                                            0x05204de6
                                            0x05204de7
                                            0x05204de9
                                            0x05204df3
                                            0x00000000
                                            0x00000000
                                            0x05246c7c
                                            0x05246c8a
                                            0x05246c8a
                                            0x05246c9d
                                            0x05246ca7
                                            0x05246cac
                                            0x05246cb2
                                            0x05246cb9
                                            0x00000000
                                            0x05246cbf
                                            0x05246cbf
                                            0x00000000
                                            0x05246cbf
                                            0x05246cb9
                                            0x05204dfb
                                            0x05246ccf
                                            0x05246cd3
                                            0x05204e32
                                            0x05204e39
                                            0x05246ce0
                                            0x05246cf2
                                            0x05246cf2
                                            0x05246ce0
                                            0x05204e3f
                                            0x05204e41
                                            0x05204e51
                                            0x05204e51
                                            0x05204e03
                                            0x05204e03
                                            0x05204e09
                                            0x05204e0f
                                            0x05204e57
                                            0x00000000
                                            0x00000000
                                            0x05204e1b
                                            0x05204e30
                                            0x05204e5b
                                            0x05204e5b
                                            0x00000000
                                            0x05204e30
                                            0x05204e11
                                            0x05204e11
                                            0x05204e16
                                            0x00000000
                                            0x05204e16
                                            0x05204e01
                                            0x00000000
                                            0x05204e01
                                            0x05204da5
                                            0x05246c6b
                                            0x00000000
                                            0x05204dab
                                            0x05204dab
                                            0x00000000
                                            0x05204dab

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7212dff9a5498ee49c4ba3087adc3f36062eac3f3d14b5771346dff52df5904e
                                            • Instruction ID: ca5bb4cc05f9723039b2f8609b13fcc02bfdf05ca5fb804bd23eb6d6499be2c4
                                            • Opcode Fuzzy Hash: 7212dff9a5498ee49c4ba3087adc3f36062eac3f3d14b5771346dff52df5904e
                                            • Instruction Fuzzy Hash: A541B171A613189FEF25EF14C888FA6B7AAFF45610F004099EA49972C2D7B0ED40CBD1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05204BAD Relevance: .1, Instructions: 131COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E05204BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x52cd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E051DCC50(_t86);
					L11:
					return E0521B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x52c8504
				E051F2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0521FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0521B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L051F4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E051DCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x52c8504
								E051EFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E05204F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                            0x05204bad
                                            0x05204bbf
                                            0x05204bc2
                                            0x05204bc6
                                            0x05204bcd
                                            0x05204bd9
                                            0x052467fe
                                            0x05246800
                                            0x05204ccc
                                            0x05204ccd
                                            0x05204cb7
                                            0x05204cc9
                                            0x05204cc9
                                            0x05204bdf
                                            0x05204be5
                                            0x00000000
                                            0x00000000
                                            0x05204beb
                                            0x05204bef
                                            0x00000000
                                            0x00000000
                                            0x05204bf5
                                            0x05204bf9
                                            0x05204c06
                                            0x05204c0b
                                            0x05204c17
                                            0x05204c1c
                                            0x05204c1f
                                            0x05204c25
                                            0x05204c33
                                            0x05204c3d
                                            0x05204c40
                                            0x05204c43
                                            0x05204c47
                                            0x05204c4d
                                            0x05204c53
                                            0x05204c54
                                            0x05204c55
                                            0x05204c56
                                            0x05204c5b
                                            0x05204c5c
                                            0x05204c63
                                            0x05204c6b
                                            0x00000000
                                            0x00000000
                                            0x05246776
                                            0x05246784
                                            0x05246784
                                            0x0524679f
                                            0x052467a7
                                            0x052467af
                                            0x052467ce
                                            0x00000000
                                            0x052467b1
                                            0x052467b7
                                            0x052467b8
                                            0x052467c1
                                            0x052467d3
                                            0x052467d9
                                            0x052467dd
                                            0x05204c94
                                            0x05204c94
                                            0x05204c98
                                            0x05204c9c
                                            0x05204ca3
                                            0x052467f4
                                            0x052467f4
                                            0x05204cb5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05204cb5
                                            0x05204c79
                                            0x05204c7e
                                            0x05204c89
                                            0x05204c8b
                                            0x05204c8f
                                            0x05204c8f
                                            0x00000000
                                            0x05204c89
                                            0x052467c3
                                            0x00000000
                                            0x052467c3
                                            0x052467af
                                            0x05204c73
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c89cd58357dcc88d6e62f861d52f2818faa2f407586c73201f6561a84e4adee4
                                            • Instruction ID: 3b7dbfc56dc0c163d7282a64f0792943fb21a9535872bdaa6a26bfdeab62a712
                                            • Opcode Fuzzy Hash: c89cd58357dcc88d6e62f861d52f2818faa2f407586c73201f6561a84e4adee4
                                            • Instruction Fuzzy Hash: C941B036A112299BCF24EF64C944FEA77B5FF45710F0140A5EA09AB281DB74AE80CFD0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051E8A0A Relevance: .1, Instructions: 120COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E051E8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x52cd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0521B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E051EE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x51b1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E05201DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E05213C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E051E8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                            0x051e8a0a
                                            0x051e8a1c
                                            0x051e8a23
                                            0x051e8a2e
                                            0x051e8a30
                                            0x051e8a36
                                            0x051e8a3c
                                            0x051e8a3e
                                            0x051e8a4a
                                            0x051e8a52
                                            0x051e8a9c
                                            0x051e8aae
                                            0x051e8a58
                                            0x051e8a5e
                                            0x051e8a6a
                                            0x051e8a6f
                                            0x051e8a75
                                            0x051e8a7d
                                            0x051e8a85
                                            0x051e8a86
                                            0x051e8a89
                                            0x051e8a93
                                            0x051e8a99
                                            0x051e8a9b
                                            0x00000000
                                            0x051e8aaf
                                            0x051e8abe
                                            0x051e8ac3
                                            0x051e8acb
                                            0x051e8ad7
                                            0x051e8ae0
                                            0x051e8af1
                                            0x00000000
                                            0x051e8af1
                                            0x051e8acd
                                            0x051e8ad5
                                            0x051e8afb
                                            0x051e8afd
                                            0x051e8aff
                                            0x051e8b07
                                            0x051e8b22
                                            0x051e8b24
                                            0x051e8b2a
                                            0x051e8b2e
                                            0x051e8b3f
                                            0x051e8b78
                                            0x051e8b41
                                            0x051e8b52
                                            0x051e8b54
                                            0x051e8b5c
                                            0x051e8b74
                                            0x051e8b74
                                            0x051e8b5c
                                            0x051e8b3f
                                            0x051e8b5e
                                            0x051e8b61
                                            0x051e8b64
                                            0x051e8b64
                                            0x051e8b6c
                                            0x051e8b6c
                                            0x051e8b11
                                            0x05239cd5
                                            0x05239cd5
                                            0x051e8b17
                                            0x051e8b1a
                                            0x051e8b1a
                                            0x00000000
                                            0x051e8ad5
                                            0x051e8a89

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 63da21198855e2a52ebf0c930ab5889127b5e01ea9043dcaeb74c7fec077889b
                                            • Instruction ID: ad36949b65e0139b8387b69bfc9bd72815905e9054ed9ac80478b1a08cf7bc1e
                                            • Opcode Fuzzy Hash: 63da21198855e2a52ebf0c930ab5889127b5e01ea9043dcaeb74c7fec077889b
                                            • Instruction Fuzzy Hash: 1B4171B5A40628ABDB34DF15D8C8AB9B7F5FB84300F1146E9D81997252E7709E81CF60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0529AA16 Relevance: .1, Instructions: 120COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0529AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0529ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0529AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0529AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0527CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L051F77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E051F7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0529131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0527CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                            0x0529aa1f
                                            0x0529aa21
                                            0x0529aa23
                                            0x0529aa2b
                                            0x0529aa30
                                            0x0529aa36
                                            0x0529aa39
                                            0x0529aa42
                                            0x0529aa75
                                            0x0529aa7a
                                            0x0529aa7c
                                            0x0529aa7c
                                            0x0529aa88
                                            0x0529aa8a
                                            0x0529aa8f
                                            0x0529ab02
                                            0x0529ab04
                                            0x0529aa99
                                            0x0529aaa8
                                            0x0529aaaf
                                            0x0529aab3
                                            0x0529aacc
                                            0x0529aad1
                                            0x0529aad6
                                            0x0529aae0
                                            0x0529aaf3
                                            0x0529aaf9
                                            0x0529aafe
                                            0x0529aafe
                                            0x0529aaf3
                                            0x0529aad6
                                            0x0529aab3
                                            0x0529ab07
                                            0x0529ab0a
                                            0x0529ab11
                                            0x0529ab23
                                            0x0529ab13
                                            0x0529ab1c
                                            0x0529ab1c
                                            0x0529ab2b
                                            0x0529ab44
                                            0x0529ab44
                                            0x0529ab51
                                            0x0529ab51
                                            0x0529aa44
                                            0x0529aa47
                                            0x0529aa4c
                                            0x00000000
                                            0x00000000
                                            0x0529aa5a
                                            0x0529aa64
                                            0x0529aa72
                                            0x00000000
                                            0x0529aa66
                                            0x0529aa66
                                            0x0529aa68
                                            0x0529aa6a
                                            0x00000000
                                            0x0529aa6a

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                            • Instruction ID: 0c6608a8bed0c07f6a6e30c259282fc86e384f8dab50c80e23f61502f899b46d
                                            • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                            • Instruction Fuzzy Hash: 3031C032F242156BDF19DA69C869BBFF7BBEF94210F058069E809A7391DB749D00C750
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0529FDE2 Relevance: .1, Instructions: 116COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E0529FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0529FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E052A0A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E051F7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E05291608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E052A2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0529C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0529DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E051F7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0529A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                            0x0529fde7
                                            0x0529fde8
                                            0x0529fdec
                                            0x0529fdee
                                            0x0529fdf5
                                            0x0529fdf7
                                            0x0529fdfc
                                            0x0529fe19
                                            0x0529fe22
                                            0x0529fe26
                                            0x0529fec6
                                            0x0529fecd
                                            0x0529fed5
                                            0x0529fee7
                                            0x0529fed7
                                            0x0529fee0
                                            0x0529fee0
                                            0x0529feef
                                            0x0529ff00
                                            0x0529ff02
                                            0x0529ff07
                                            0x0529ff07
                                            0x00000000
                                            0x0529feef
                                            0x0529fe33
                                            0x0529fe55
                                            0x0529fe59
                                            0x0529fe5b
                                            0x0529fe5e
                                            0x0529fe69
                                            0x0529fe6d
                                            0x0529fe6d
                                            0x0529fe69
                                            0x0529fe35
                                            0x0529fe41
                                            0x0529fe41
                                            0x0529fe79
                                            0x0529fe8b
                                            0x0529fe7b
                                            0x0529fe84
                                            0x0529fe84
                                            0x0529fe93
                                            0x00000000
                                            0x0529fea8
                                            0x0529feba
                                            0x00000000
                                            0x0529feba
                                            0x0529fdfe
                                            0x0529fe01
                                            0x0529fe02
                                            0x0529fe08
                                            0x0529ff0c
                                            0x0529ff14
                                            0x0529ff14

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                            • Instruction ID: e1f417a9d1859ad6588a8467c0197e83f55b1c4e38e632f3a8318ac52141cf6c
                                            • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                            • Instruction Fuzzy Hash: 1D3118323246416FDB6BC768C948F6A77A6FFC5240F184058E58ACB782DA74DC41C710
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0529EA55 Relevance: .1, Instructions: 111COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E0529EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E051F2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0529E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E051DF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E051EFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0529AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0529BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E051F7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0528FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E051EFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0529A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                            0x0529ea55
                                            0x0529ea66
                                            0x0529ea68
                                            0x0529ea6c
                                            0x0529ea6f
                                            0x0529ea72
                                            0x0529ea75
                                            0x0529ea7a
                                            0x0529ea7a
                                            0x0529ea7e
                                            0x0529ea80
                                            0x0529ea85
                                            0x0529ea8b
                                            0x0529eab5
                                            0x0529eabc
                                            0x0529eabf
                                            0x0529eabf
                                            0x0529eaca
                                            0x0529eace
                                            0x0529ead0
                                            0x0529eae4
                                            0x0529eaeb
                                            0x0529eaf0
                                            0x0529eaf5
                                            0x0529eb09
                                            0x0529eb0d
                                            0x0529eb1d
                                            0x0529eb2d
                                            0x0529eb38
                                            0x0529eb3d
                                            0x0529eb41
                                            0x0529eb4a
                                            0x0529eb60
                                            0x0529eb4c
                                            0x0529eb52
                                            0x0529eb59
                                            0x0529eb59
                                            0x0529eb68
                                            0x0529eb71
                                            0x0529eb71
                                            0x0529ea8d
                                            0x0529ea8f
                                            0x0529ea92
                                            0x0529ea97
                                            0x0529ea97
                                            0x0529ea9b
                                            0x0529ea9c
                                            0x0529ea9e
                                            0x0529eaa6
                                            0x0529eaa6
                                            0x0529eb7e

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                            • Instruction ID: c396a17a971ab6865c750cf7c049e8423be7a9ac6b42478d7c25a82a62bff2a4
                                            • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                            • Instruction Fuzzy Hash: 2E31C1727147059BCB29DF24C894A6BB7AAFFC0210F05492DF55787781DB31E809CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052569A6 Relevance: .1, Instructions: 108COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 69%
                                            			E052569A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x52cd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L051E6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E05256BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E05219980() >= 0) {
							E051F2280(_t56, 0x52c8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x52c8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x52c8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E051DB6F0(0x51bc338, 0x51bc288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E05219520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E052195D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E051EFFB0(_t68, _t77, 0x52c8778);
				}
				_pop(_t78);
				return E0521B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                            0x052569b5
                                            0x052569be
                                            0x052569c3
                                            0x052569c9
                                            0x052569cc
                                            0x052569d1
                                            0x052569d3
                                            0x052569de
                                            0x052569e1
                                            0x052569ea
                                            0x052569f6
                                            0x052569fe
                                            0x05256a13
                                            0x05256a14
                                            0x05256a15
                                            0x05256a16
                                            0x05256a1e
                                            0x05256a26
                                            0x05256a31
                                            0x05256a36
                                            0x05256a37
                                            0x05256a40
                                            0x05256a49
                                            0x05256a4a
                                            0x05256a53
                                            0x05256a59
                                            0x05256a5d
                                            0x05256a5e
                                            0x05256a64
                                            0x05256a67
                                            0x05256a6a
                                            0x05256a6d
                                            0x05256a70
                                            0x05256a77
                                            0x05256a7d
                                            0x05256a86
                                            0x05256a89
                                            0x05256a9c
                                            0x05256a9f
                                            0x05256aa2
                                            0x05256aa5
                                            0x05256aaf
                                            0x05256ab1
                                            0x05256ab8
                                            0x05256ab9
                                            0x05256abb
                                            0x05256abe
                                            0x05256ac5
                                            0x05256ac5
                                            0x05256aaf
                                            0x05256a40
                                            0x05256a26
                                            0x052569fe
                                            0x05256ace
                                            0x05256ad0
                                            0x05256ad3
                                            0x05256ad8
                                            0x05256adf
                                            0x05256adf
                                            0x05256ae8
                                            0x05256aef
                                            0x05256aef
                                            0x05256af9
                                            0x05256b06

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c665a786cd1fc2b2996fbd9c61ffb53a8089ff5b3a2b2470586c8e27136da28c
                                            • Instruction ID: 05441072b4ac1879fc190675708faac05264afcee4c749fa893f06d2d6738ccd
                                            • Opcode Fuzzy Hash: c665a786cd1fc2b2996fbd9c61ffb53a8089ff5b3a2b2470586c8e27136da28c
                                            • Instruction Fuzzy Hash: ED41AEB1E10209AFDB14CFA4D844BFEBBF5FF48714F14812AE919A3241EB70A905CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051D5210 Relevance: .1, Instructions: 107COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E051D5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E051D52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E052195D0();
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E051EEB70(_t54, 0x52c79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E052195D0();
								L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E051EEB70(_t54, 0x52c79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0521F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E051EEB70(_t54, 0x52c79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E052195D0();
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                            0x051d5220
                                            0x051d5224
                                            0x05230d13
                                            0x05230d16
                                            0x05230d19
                                            0x051d522a
                                            0x051d522a
                                            0x051d522d
                                            0x051d522d
                                            0x051d5231
                                            0x051d5235
                                            0x051d5239
                                            0x05230d5c
                                            0x05230d62
                                            0x00000000
                                            0x00000000
                                            0x05230d6a
                                            0x05230d7b
                                            0x05230d7f
                                            0x05230d81
                                            0x05230d84
                                            0x05230d95
                                            0x05230d95
                                            0x05230d6c
                                            0x05230d71
                                            0x05230d71
                                            0x05230d9a
                                            0x00000000
                                            0x051d524a
                                            0x051d524a
                                            0x051d5250
                                            0x05230d24
                                            0x05230d35
                                            0x05230d39
                                            0x05230d3b
                                            0x05230d3e
                                            0x05230d50
                                            0x05230d50
                                            0x05230d26
                                            0x05230d2b
                                            0x05230d2b
                                            0x00000000
                                            0x05230d55
                                            0x051d5256
                                            0x051d525b
                                            0x051d5265
                                            0x05230da7
                                            0x051d526b
                                            0x051d526e
                                            0x051d5272
                                            0x05230db1
                                            0x05230db4
                                            0x05230dc5
                                            0x05230dc5
                                            0x051d5272
                                            0x051d5278
                                            0x051d527e
                                            0x051d528a
                                            0x051d528c
                                            0x051d528d
                                            0x00000000
                                            0x051d5280
                                            0x051d5282
                                            0x051d5288
                                            0x051d529f
                                            0x051d5292
                                            0x00000000
                                            0x051d5292
                                            0x00000000
                                            0x051d5288
                                            0x051d527e

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f13d8ba429f86fe3a58bd8f69dc579675ab17ff2f75717732c25d7a71d072d21
                                            • Instruction ID: 8c98e923a6dc2b410ed88294323a7b4b2fc238bc8590058eb83095398853e449
                                            • Opcode Fuzzy Hash: f13d8ba429f86fe3a58bd8f69dc579675ab17ff2f75717732c25d7a71d072d21
                                            • Instruction Fuzzy Hash: C231E5316A5605EBC735AB18C88AF66B7F6FF10760F124719E81A0B591D770F804CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05213D43 Relevance: .1, Instructions: 106COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E05213D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E051E7B60(0, _t61, 0x51b11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E051E7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L051F4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                            0x05213d4c
                                            0x05213d50
                                            0x05213d55
                                            0x05213d5e
                                            0x0524e79a
                                            0x00000000
                                            0x0524e79a
                                            0x05213d68
                                            0x0524e789
                                            0x05213d9d
                                            0x05213da3
                                            0x05213daf
                                            0x05213db5
                                            0x05213dbc
                                            0x05213dc4
                                            0x05213dc9
                                            0x05213dce
                                            0x0524e7ae
                                            0x0524e7ae
                                            0x05213dde
                                            0x05213de2
                                            0x05213de7
                                            0x05213e0d
                                            0x05213e13
                                            0x05213e16
                                            0x05213e1e
                                            0x05213e25
                                            0x05213e28
                                            0x00000000
                                            0x00000000
                                            0x05213e2a
                                            0x05213e2f
                                            0x05213e37
                                            0x05213e37
                                            0x00000000
                                            0x05213e37
                                            0x05213e31
                                            0x00000000
                                            0x05213e31
                                            0x05213e20
                                            0x05213e20
                                            0x05213e35
                                            0x00000000
                                            0x05213de9
                                            0x05213de9
                                            0x05213de9
                                            0x05213dee
                                            0x05213dfd
                                            0x05213dff
                                            0x05213e02
                                            0x05213e05
                                            0x05213e05
                                            0x00000000
                                            0x05213df0
                                            0x05213de7
                                            0x0524e78f
                                            0x0524e794
                                            0x05213d79
                                            0x05213d84
                                            0x05213d89
                                            0x05213d8e
                                            0x00000000
                                            0x0524e7a4
                                            0x05213d96
                                            0x05213d9a
                                            0x00000000
                                            0x05213d9a
                                            0x00000000
                                            0x0524e794
                                            0x05213d6e
                                            0x05213d73
                                            0x00000000
                                            0x0524e7b5
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9b93fcf92da8931fef74bb3b362fe35e272a48c52a9bd537ec86c0e77eee9138
                                            • Instruction ID: 2ce428614b0e7c77e45dbc245acd1c7ec2ee446e4e3a21b7ccb7ce79773ee168
                                            • Opcode Fuzzy Hash: 9b93fcf92da8931fef74bb3b362fe35e272a48c52a9bd537ec86c0e77eee9138
                                            • Instruction Fuzzy Hash: 9431D031A24611DBD728CF29C841A7BBBEBFF65750B05886AE84ACB350E770D841C799
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520A61C Relevance: .1, Instructions: 106COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 78%
                                            			E0520A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x52b0220);
				E0522D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x52c7b9c; // 0x0
				_t55 = L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0522D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x52c7b10 =  *0x52c7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x52c536c; // 0x775b5368
					if( *_t51 != 0x52c5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x52c5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x52c536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0520A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                            0x0520a61c
                                            0x0520a61e
                                            0x0520a623
                                            0x0520a628
                                            0x0520a62b
                                            0x0520a62d
                                            0x0520a648
                                            0x0520a64a
                                            0x0520a64f
                                            0x05249b44
                                            0x0520a6ec
                                            0x0520a6f1
                                            0x0520a6f1
                                            0x0520a655
                                            0x0520a657
                                            0x0520a65a
                                            0x0520a65d
                                            0x0520a662
                                            0x0520a663
                                            0x0520a667
                                            0x0520a668
                                            0x0520a66d
                                            0x0520a706
                                            0x0520a706
                                            0x05249bda
                                            0x05249be6
                                            0x05249beb
                                            0x00000000
                                            0x05249beb
                                            0x0520a679
                                            0x05249b7a
                                            0x00000000
                                            0x05249b7a
                                            0x0520a683
                                            0x0520a6f4
                                            0x0520a6f7
                                            0x0520a6f9
                                            0x0520a6fd
                                            0x0520a6a0
                                            0x0520a6a0
                                            0x0520a6ad
                                            0x0520a6af
                                            0x0520a6b4
                                            0x05249ba7
                                            0x05249bac
                                            0x00000000
                                            0x00000000
                                            0x05249bc6
                                            0x05249bce
                                            0x05249bd1
                                            0x05249bd3
                                            0x05249bd3
                                            0x00000000
                                            0x05249bd1
                                            0x0520a6bd
                                            0x0520a6c3
                                            0x0520a6c6
                                            0x0520a6d2
                                            0x0520a701
                                            0x0520a704
                                            0x00000000
                                            0x0520a704
                                            0x0520a6d4
                                            0x0520a6d6
                                            0x0520a6d9
                                            0x0520a6db
                                            0x0520a6e1
                                            0x0520a6e6
                                            0x0520a6e8
                                            0x0520a6e8
                                            0x0520a6ea
                                            0x00000000
                                            0x0520a6ea
                                            0x0520a688
                                            0x0520a692
                                            0x0520a694
                                            0x0520a699
                                            0x00000000
                                            0x00000000
                                            0x0520a69d
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a27a4aa45f498b591dc9725394b6f4fa175915e934881a9c833b60a9e9241199
                                            • Instruction ID: 5727c9b9ca669e30f2743e4b5333dad47d10acbf43731863ed629f1514f6b6ad
                                            • Opcode Fuzzy Hash: a27a4aa45f498b591dc9725394b6f4fa175915e934881a9c833b60a9e9241199
                                            • Instruction Fuzzy Hash: 39413875A25205DFCB09CF58D490BAABBF2BF49300F1581A9E805AB396C774E941CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051FC182 Relevance: .1, Instructions: 104COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E051FC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E051F7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E052A8D34(_v8, _t80);
					}
					E051F2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E051EFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E052A8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E051EFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0521B180();
						if(_a4 != 0) {
							E051F2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E051FBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E051FBB2D(_t16, _t15);
						E051FB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E051EFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E051EFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E051EFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                            0x051fc18d
                                            0x051fc18f
                                            0x051fc191
                                            0x051fc19b
                                            0x051fc1a0
                                            0x051fc1d4
                                            0x051fc1de
                                            0x05242d6e
                                            0x051fc1e4
                                            0x051fc1e4
                                            0x051fc1e4
                                            0x051fc1ec
                                            0x05242d7d
                                            0x05242d7d
                                            0x051fc1f3
                                            0x051fc1ff
                                            0x05242d88
                                            0x05242d8d
                                            0x05242d94
                                            0x05242d94
                                            0x05242d9f
                                            0x05242da4
                                            0x05242dab
                                            0x05242db0
                                            0x05242db2
                                            0x05242db3
                                            0x05242db4
                                            0x05242dbc
                                            0x05242dc3
                                            0x05242dc3
                                            0x051fc205
                                            0x051fc205
                                            0x051fc208
                                            0x051fc20e
                                            0x051fc211
                                            0x051fc216
                                            0x051fc219
                                            0x051fc21f
                                            0x051fc222
                                            0x051fc22c
                                            0x051fc234
                                            0x051fc23a
                                            0x051fc23f
                                            0x051fc245
                                            0x051fc24b
                                            0x051fc251
                                            0x051fc25a
                                            0x051fc276
                                            0x051fc27d
                                            0x051fc27d
                                            0x051fc25c
                                            0x051fc25c
                                            0x00000000
                                            0x051fc25e
                                            0x051fc1a4
                                            0x051fc1aa
                                            0x051fc1b3
                                            0x051fc265
                                            0x051fc26c
                                            0x051fc26c
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                            • Instruction ID: b3bdd49ff7da224c43ae5a08f99b47dcd2bca5eeb28168b3f6b5086f248deb94
                                            • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                            • Instruction Fuzzy Hash: 5331287270998AEED718EBB4C484BE9F755FF82204F04415AD51D47202DB386D16DBE0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05257016 Relevance: .1, Instructions: 104COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E05257016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x52cd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E05256B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E05256B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E051F7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E05219AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0521B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L051F4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                            0x05257016
                                            0x0525701e
                                            0x0525702b
                                            0x05257033
                                            0x05257037
                                            0x0525703c
                                            0x0525703e
                                            0x05257041
                                            0x05257045
                                            0x0525704a
                                            0x05257050
                                            0x05257055
                                            0x0525705a
                                            0x05257062
                                            0x05257062
                                            0x0525705a
                                            0x05257064
                                            0x05257064
                                            0x05257067
                                            0x05257071
                                            0x05257096
                                            0x0525709b
                                            0x052570a2
                                            0x052570a6
                                            0x052570a7
                                            0x052570ad
                                            0x052570b3
                                            0x052570b6
                                            0x052570bb
                                            0x052570c3
                                            0x052570c3
                                            0x052570c6
                                            0x052570cd
                                            0x052570dd
                                            0x052570e0
                                            0x052570e2
                                            0x052570e2
                                            0x052570ee
                                            0x05257101
                                            0x052570f0
                                            0x052570f9
                                            0x052570f9
                                            0x0525710a
                                            0x0525710e
                                            0x05257112
                                            0x05257117
                                            0x05257118
                                            0x05257118
                                            0x052570bb
                                            0x0525711d
                                            0x05257123
                                            0x05257131
                                            0x05257131
                                            0x05257136
                                            0x0525713d
                                            0x0525713e
                                            0x0525713f
                                            0x0525714a
                                            0x0525714a
                                            0x05257084
                                            0x05257088
                                            0x00000000
                                            0x0525708e
                                            0x0525708e
                                            0x05257092
                                            0x00000000
                                            0x05257092

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 09dbc802953aae537906783bfba5c5c33b0cc7c21264af0b92ad64135c3d2bd6
                                            • Instruction ID: 4417f4377005b0860e3d384ed0e149188d64ad2df5a9b23b73f63ae5c8b5fc99
                                            • Opcode Fuzzy Hash: 09dbc802953aae537906783bfba5c5c33b0cc7c21264af0b92ad64135c3d2bd6
                                            • Instruction Fuzzy Hash: 5131C6726187519FC320DF28C844A6BB7E5FFC8750F044A29FC9A97690E730E904C7A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05216DE6 Relevance: .1, Instructions: 101COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E05216DE6(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _t39;
				intOrPtr _t52;
				intOrPtr _t53;
				signed int _t59;
				signed int _t63;
				intOrPtr _t64;
				intOrPtr* _t66;
				void* _t68;
				intOrPtr _t69;
				signed int _t73;
				signed int _t75;
				intOrPtr _t77;
				signed int _t80;
				intOrPtr _t82;

				_t68 = __edx;
				_push(__ecx);
				_t80 = __ecx;
				_t75 = _a4;
				if(__edx >  *((intOrPtr*)(__ecx + 0x90))) {
					L23:
					asm("lock inc dword [esi+0x110]");
					if(( *(_t80 + 0xd4) & 0x00010000) != 0) {
						asm("lock inc dword [ecx+eax+0x4]");
					}
					_t39 = 0;
					L13:
					return _t39;
				}
				_t63 =  *(__ecx + 0x88);
				_t4 = _t68 + 7; // 0xa
				_t69 =  *((intOrPtr*)(__ecx + 0x8c));
				_t59 = _t4 & 0xfffffff8;
				_v8 = _t69;
				if(_t75 >= _t63) {
					_t75 = _t75 % _t63;
					L15:
					_t69 = _v8;
				}
				_t64 =  *((intOrPtr*)(_t80 + 0x17c + _t75 * 4));
				if(_t64 == 0) {
					L14:
					if(E05216EBE(_t80, _t64, _t75) != 1) {
						goto L23;
					}
					goto L15;
				}
				asm("lock inc dword [ecx+0xc]");
				if( *((intOrPtr*)(_t64 + 0x2c)) != 1 ||  *((intOrPtr*)(_t64 + 8)) > _t69) {
					goto L14;
				} else {
					_t73 = _t59;
					asm("lock xadd [eax], edx");
					if(_t73 + _t59 > _v8) {
						if(_t73 <= _v8) {
							 *(_t64 + 4) = _t73;
						}
						goto L14;
					}
					_t77 = _t73 + _t64;
					_v8 = _t77;
					 *_a12 = _t64;
					_t66 = _a8;
					if(_t66 == 0) {
						L12:
						_t39 = _t77;
						goto L13;
					}
					_t52 =  *((intOrPtr*)(_t80 + 0x10));
					if(_t52 != 0) {
						_t53 = _t52 - 1;
						if(_t53 == 0) {
							asm("rdtsc");
							 *_t66 = _t53;
							L11:
							 *(_t66 + 4) = _t73;
							goto L12;
						}
						E05206A60(_t66);
						goto L12;
					}
					while(1) {
						_t73 =  *0x7ffe0018;
						_t82 =  *0x7FFE0014;
						if(_t73 ==  *0x7FFE001C) {
							break;
						}
						asm("pause");
					}
					_t66 = _a8;
					_t77 = _v8;
					 *_t66 = _t82;
					goto L11;
				}
			}


















                                            0x05216de6
                                            0x05216dee
                                            0x05216df1
                                            0x05216df4
                                            0x05216dfd
                                            0x052505d3
                                            0x052505d3
                                            0x052505e4
                                            0x052505f9
                                            0x052505f9
                                            0x052505fe
                                            0x05216e96
                                            0x05216e9c
                                            0x05216e9c
                                            0x05216e03
                                            0x05216e09
                                            0x05216e0c
                                            0x05216e12
                                            0x05216e15
                                            0x05216e1b
                                            0x052505a1
                                            0x05216eb1
                                            0x05216eb1
                                            0x05216eb1
                                            0x05216e21
                                            0x05216e2a
                                            0x05216e9f
                                            0x05216eab
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05216eab
                                            0x05216e2c
                                            0x05216e34
                                            0x00000000
                                            0x05216e3d
                                            0x05216e3d
                                            0x05216e42
                                            0x05216e4d
                                            0x052505ac
                                            0x052505b2
                                            0x052505b2
                                            0x00000000
                                            0x052505ac
                                            0x05216e56
                                            0x05216e59
                                            0x05216e5d
                                            0x05216e5f
                                            0x05216e64
                                            0x05216e94
                                            0x05216e94
                                            0x00000000
                                            0x05216e94
                                            0x05216e6a
                                            0x05216e6d
                                            0x052505ba
                                            0x052505bd
                                            0x052505ca
                                            0x052505cc
                                            0x05216e91
                                            0x05216e91
                                            0x00000000
                                            0x05216e91
                                            0x052505c0
                                            0x00000000
                                            0x052505c0
                                            0x05216e7e
                                            0x05216e7e
                                            0x05216e80
                                            0x05216e86
                                            0x00000000
                                            0x00000000
                                            0x05216eba
                                            0x05216eba
                                            0x05216e88
                                            0x05216e8b
                                            0x05216e8f
                                            0x00000000
                                            0x05216e8f

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                            • Instruction ID: 86403944a25f241e41eb3c88a5811ed6a74cf2603508dd0b8fd5a28a3b72cd4a
                                            • Opcode Fuzzy Hash: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                            • Instruction Fuzzy Hash: FC319F31624202DFC724CF68C484A6BB3E6FF95325B14CA5DE81A8B640DB71F802CB98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05283D40 Relevance: .1, Instructions: 98COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E05283D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x52cd360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E051F2280(_t34, 0x52c8a6c);
				_t64 =  *0x52c5768; // 0x775b5768
				if(_t64 != 0x52c5768) {
					while(1) {
						_t8 = _t64 + 8; // 0x775b5770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E051EFFB0(_t53, _t64, 0x52c8a6c);
						 *0x52cb1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E051F2280(_t45, 0x52c8a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x52c5768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E051EFFB0(_t51, _t64, 0x52c8a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E0521B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                            0x05283d40
                                            0x05283d48
                                            0x05283d52
                                            0x05283d59
                                            0x05283d5d
                                            0x05283d61
                                            0x05283d63
                                            0x05283d67
                                            0x05283d69
                                            0x05283d72
                                            0x05283d76
                                            0x05283d7a
                                            0x05283d7f
                                            0x05283d8b
                                            0x05283d91
                                            0x05283d91
                                            0x05283d91
                                            0x05283d94
                                            0x05283d96
                                            0x05283d9d
                                            0x05283da1
                                            0x05283db0
                                            0x05283dba
                                            0x05283dbc
                                            0x05283dbc
                                            0x05283dc6
                                            0x05283dcb
                                            0x05283dcf
                                            0x05283dd1
                                            0x05283dd4
                                            0x00000000
                                            0x00000000
                                            0x05283dd9
                                            0x05283e0c
                                            0x05283e0c
                                            0x05283e0f
                                            0x05283ddb
                                            0x05283ddb
                                            0x05283de0
                                            0x00000000
                                            0x05283de2
                                            0x05283de2
                                            0x05283de4
                                            0x05283de8
                                            0x05283deb
                                            0x05283df1
                                            0x00000000
                                            0x05283df3
                                            0x05283df3
                                            0x05283df5
                                            0x05283df8
                                            0x05283dfa
                                            0x00000000
                                            0x05283dfa
                                            0x05283df1
                                            0x05283de0
                                            0x05283e11
                                            0x05283e11
                                            0x00000000
                                            0x05283dfe
                                            0x05283e04
                                            0x05283e06
                                            0x00000000
                                            0x05283e06
                                            0x00000000
                                            0x05283e04
                                            0x05283d91
                                            0x05283e15
                                            0x05283e1a
                                            0x05283e1f
                                            0x05283e1f
                                            0x05283e23
                                            0x05283e29
                                            0x00000000
                                            0x00000000
                                            0x05283e2e
                                            0x00000000
                                            0x05283e30
                                            0x05283e30
                                            0x05283e35
                                            0x00000000
                                            0x05283e37
                                            0x05283e3e
                                            0x05283e42
                                            0x05283e48
                                            0x05283e4e
                                            0x00000000
                                            0x05283e4e
                                            0x05283e35
                                            0x00000000
                                            0x05283e2e
                                            0x05283e5b
                                            0x05283e5c
                                            0x05283e5d
                                            0x05283e68
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 78fbf23d6054690f35223b9ec96b2350abbdf177de04ddf0275d41afd797529d
                                            • Instruction ID: 6ed1c7a7c434c7a11e29dca242ba6a9a03aeb166f7de6c8e672a1f8cd7df7217
                                            • Opcode Fuzzy Hash: 78fbf23d6054690f35223b9ec96b2350abbdf177de04ddf0275d41afd797529d
                                            • Instruction Fuzzy Hash: 0E318D7161A302DFC714EF54D88486ABFE1FF95A00F05496EF8898B381D730E905CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520A70E Relevance: .1, Instructions: 96COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E0520A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x52c7b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x52c7b10 = 8;
					 *0x52c7b14 = 0x52c7b0c;
					 *0x52c7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E0520A990(0x52c7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0520A840(__edx, __ecx, __ecx, _t52, 0x52c7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x52c7b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x52c7b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x52c7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L051F4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x52c7b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E0521F3E0(_t50,  *0x52c7b14, _t8 >> 3);
						_t28 =  *0x52c7b14; // 0x0
						__eflags = _t28 - 0x52c7b0c;
						if(_t28 != 0x52c7b0c) {
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x52c7b14 = _t50;
						_t48 = _v12;
						 *0x52c7b10 = _t9;
						goto L6;
					}
					 *0x52c7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                            0x0520a713
                                            0x0520a714
                                            0x0520a717
                                            0x0520a71d
                                            0x0520a720
                                            0x0520a722
                                            0x0520a727
                                            0x0520a74a
                                            0x0520a754
                                            0x0520a75e
                                            0x0520a768
                                            0x0520a76a
                                            0x0520a773
                                            0x0520a78b
                                            0x0520a790
                                            0x0520a792
                                            0x0520a741
                                            0x0520a741
                                            0x0520a743
                                            0x0520a749
                                            0x0520a749
                                            0x0520a732
                                            0x0520a73a
                                            0x0520a797
                                            0x0520a79d
                                            0x0520a7a3
                                            0x0520a7a9
                                            0x0520a7b6
                                            0x0520a7bc
                                            0x0520a7ca
                                            0x0520a7e0
                                            0x0520a7e2
                                            0x0520a7e4
                                            0x05249bf2
                                            0x00000000
                                            0x05249bf2
                                            0x0520a7ed
                                            0x0520a7f2
                                            0x0520a800
                                            0x0520a805
                                            0x0520a80d
                                            0x0520a812
                                            0x05249c08
                                            0x05249c08
                                            0x0520a818
                                            0x0520a81b
                                            0x0520a821
                                            0x0520a824
                                            0x00000000
                                            0x0520a824
                                            0x0520a7ae
                                            0x00000000
                                            0x0520a7ae
                                            0x0520a73c
                                            0x0520a73e
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6cffa5784baea6da9be28b368bcde712cdde961793d82d70b49ee00d1b2c3ea0
                                            • Instruction ID: 755a318cec6fcd63235c23365fde67495fc3155bfbfa076b8e9ba391f42827dc
                                            • Opcode Fuzzy Hash: 6cffa5784baea6da9be28b368bcde712cdde961793d82d70b49ee00d1b2c3ea0
                                            • Instruction Fuzzy Hash: CA317CB16312059BC711CB18EC89F6ABFFAFF84710F58495DE01687293DBB0A941CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052061A0 Relevance: .1, Instructions: 93COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 97%
                                            			E052061A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E05205E50(0x51b67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E052A9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E051DF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                            0x052061b3
                                            0x052061b5
                                            0x052061bd
                                            0x052061c3
                                            0x052061c7
                                            0x052061d2
                                            0x052061ff
                                            0x052061ff
                                            0x05206201
                                            0x05206207
                                            0x05206207
                                            0x052061d4
                                            0x052061d9
                                            0x00000000
                                            0x00000000
                                            0x052061df
                                            0x052061e2
                                            0x00000000
                                            0x00000000
                                            0x052061e6
                                            0x052061e8
                                            0x052061ee
                                            0x052061ee
                                            0x052061f9
                                            0x0524762f
                                            0x05247632
                                            0x05247635
                                            0x05247639
                                            0x05247640
                                            0x0524766e
                                            0x05247675
                                            0x00000000
                                            0x00000000
                                            0x05247681
                                            0x05247689
                                            0x0524768d
                                            0x05247691
                                            0x05247695
                                            0x05247699
                                            0x052476af
                                            0x052476b5
                                            0x052476b7
                                            0x052476b7
                                            0x052476d7
                                            0x052476dc
                                            0x00000000
                                            0x052476dc
                                            0x052476a2
                                            0x052476a9
                                            0x05247651
                                            0x05247653
                                            0x05247653
                                            0x05247656
                                            0x05247656
                                            0x00000000
                                            0x05247656
                                            0x05247644
                                            0x05247646
                                            0x05247648
                                            0x05247648
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4b142256d09eec4945dcab19e01260e41b292000eaec6a1ae1f1dcbbf737ea0b
                                            • Instruction ID: 45018e0e5f80e9e6f3a1400aebc9288d45469932daf7e1ae286744e968b270a0
                                            • Opcode Fuzzy Hash: 4b142256d09eec4945dcab19e01260e41b292000eaec6a1ae1f1dcbbf737ea0b
                                            • Instruction Fuzzy Hash: 7031B0716293028FD724DF09C800B26F7E6FF88B00F08496DE9999B392D7B0E845CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DAA16 Relevance: .1, Instructions: 93COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E051DAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x52cd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x52c7b9c; // 0x0
					_t53 = L051F4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0521B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0521F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L051E6C59(_t53, _t51, _t58) != 0) {
							_t28 = E05205E50(0x51bc338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0520B230(_v32, _v28, 0x51bc2d8, 1,  &_v24);
								_t28 = E051DF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                            0x051daa25
                                            0x051daa29
                                            0x051daa2d
                                            0x051daa30
                                            0x051daa37
                                            0x051daa3c
                                            0x05234458
                                            0x05234458
                                            0x05234472
                                            0x05234474
                                            0x05234476
                                            0x051daa64
                                            0x051daa74
                                            0x0523447c
                                            0x05234483
                                            0x05234492
                                            0x051daa52
                                            0x051daa54
                                            0x051daa5e
                                            0x052344a8
                                            0x052344ad
                                            0x052344af
                                            0x052344b6
                                            0x052344b6
                                            0x052344b9
                                            0x052344bc
                                            0x052344cd
                                            0x052344d3
                                            0x052344d6
                                            0x052344e1
                                            0x052344e1
                                            0x052344e6
                                            0x052344e8
                                            0x052344fb
                                            0x052344fb
                                            0x052344e8
                                            0x00000000
                                            0x051daa5e
                                            0x05234476
                                            0x051daa42
                                            0x051daa46
                                            0x051daa48
                                            0x051daa4c
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 718744f9fd92e9e60e40a86035634ed6913a5e7808bf3b1a46f85a9c418ccd3a
                                            • Instruction ID: c759a3315f985086b2aae810c1c40c808c289bb277baeed56701f3f65ff6804c
                                            • Opcode Fuzzy Hash: 718744f9fd92e9e60e40a86035634ed6913a5e7808bf3b1a46f85a9c418ccd3a
                                            • Instruction Fuzzy Hash: BF31D1B1A1061AABCF14EF64CD86ABFB7B9FF44700F0540A9F905E7150E774A911DBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05218EC7 Relevance: .1, Instructions: 92COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E05218EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x52cd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E05204E70(0x52c86e4, 0x5219490, 0, 0);
					if( *0x52c53e8 > 5 && E05218F33(0x52c53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x52c53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x52c53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x51bbc46;
						_t48 = E05257B9C(0x52c53e8, 0x51bbc46, _t67, 0x52c53e8, _t70,  &_v140);
					}
				}
				return E0521B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                            0x05218ec7
                                            0x05218ed9
                                            0x05218edc
                                            0x05218ee6
                                            0x05218ee9
                                            0x05218eee
                                            0x05218efc
                                            0x05218f08
                                            0x05251349
                                            0x05251353
                                            0x0525135d
                                            0x05251366
                                            0x0525136f
                                            0x05251375
                                            0x0525137c
                                            0x05251385
                                            0x05251390
                                            0x05251391
                                            0x0525139c
                                            0x0525139d
                                            0x052513a6
                                            0x052513ac
                                            0x052513b2
                                            0x052513b5
                                            0x052513bc
                                            0x052513bf
                                            0x052513c2
                                            0x052513c5
                                            0x052513c8
                                            0x052513cb
                                            0x052513ce
                                            0x052513d1
                                            0x052513d4
                                            0x052513d7
                                            0x052513da
                                            0x052513dd
                                            0x052513e0
                                            0x052513e3
                                            0x052513e6
                                            0x052513e9
                                            0x052513f6
                                            0x05251400
                                            0x05251400
                                            0x05218f08
                                            0x05218f32

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 925eeb8bc0a57024e67caae9dc26ac7e5c8db8d2ccb9fefc68ca726e740a7d26
                                            • Instruction ID: ffcee83345603a74d3e4904baee55b560d92a37e923519fec6fc56dfdeb08c41
                                            • Opcode Fuzzy Hash: 925eeb8bc0a57024e67caae9dc26ac7e5c8db8d2ccb9fefc68ca726e740a7d26
                                            • Instruction Fuzzy Hash: 2741B2B1D102189FDB14CFAAD981AAEFBF5FF48310F5041AEE909A7241D7749A44CF54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05214A2C Relevance: .1, Instructions: 92COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E05214A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x52cd360 ^ _t62;
				_v8 =  *0x52cd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E051F2280(_t26, 0x52c8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E051EFFB0(_t41, _t51, 0x52c8608);
						L2:
						 *0x52cb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0521B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E051F2280(_t28, 0x52c8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E051EFFB0(_t42, _t53, 0x52c8608);
							if(_t53 != 0) {
								L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E051EFFB0(_t41, _t51, 0x52c8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                            0x05214a2c
                                            0x05214a34
                                            0x05214a3c
                                            0x05214a3e
                                            0x05214a48
                                            0x05214a4b
                                            0x05214a4d
                                            0x05214a51
                                            0x05214a9c
                                            0x00000000
                                            0x00000000
                                            0x05214aa3
                                            0x05214aa8
                                            0x05214aad
                                            0x05214ab1
                                            0x05214ade
                                            0x05214ae3
                                            0x05214a5a
                                            0x05214a62
                                            0x05214a6a
                                            0x05214a6e
                                            0x0524f203
                                            0x05214a84
                                            0x05214a88
                                            0x05214a89
                                            0x05214a8a
                                            0x05214a95
                                            0x05214a95
                                            0x05214a79
                                            0x05214a80
                                            0x05214af2
                                            0x05214af4
                                            0x05214af9
                                            0x05214aff
                                            0x05214b01
                                            0x05214b03
                                            0x05214b08
                                            0x0524f20a
                                            0x0524f212
                                            0x0524f216
                                            0x0524f216
                                            0x05214b08
                                            0x05214b13
                                            0x05214b1a
                                            0x0524f229
                                            0x0524f229
                                            0x05214b1a
                                            0x05214a82
                                            0x00000000
                                            0x05214a82
                                            0x05214ab7
                                            0x05214acd
                                            0x05214acd
                                            0x05214ad5
                                            0x05214ada
                                            0x00000000
                                            0x05214ada
                                            0x05214ac2
                                            0x05214acb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05214acb
                                            0x05214a53
                                            0x05214a53
                                            0x05214a58
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ea2b84d62f8ad37616206f4ab8f90674210b43e6ee5096d48e16f9f794e2245f
                                            • Instruction ID: 4f24f16af4e11ac0bd9e5cbb12ea3d2c57df7cee24b2e4dbc7ea13eafcdc7ed6
                                            • Opcode Fuzzy Hash: ea2b84d62f8ad37616206f4ab8f90674210b43e6ee5096d48e16f9f794e2245f
                                            • Instruction Fuzzy Hash: 4831D1322256529BCB21EF14C948B2BBBE6FFD4710F124569ED5A4B641CBB0E901CBC9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520E730 Relevance: .1, Instructions: 89COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 74%
                                            			E0520E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E05219670() < 0) {
					L0522DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x52c7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L051F4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0520E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                            0x0520e730
                                            0x0520e736
                                            0x0520e738
                                            0x0520e73d
                                            0x0520e73e
                                            0x0520e740
                                            0x0520e749
                                            0x0520e765
                                            0x0520e76a
                                            0x0520e76b
                                            0x0520e76c
                                            0x0520e76d
                                            0x0520e76e
                                            0x0520e76f
                                            0x0520e775
                                            0x0520e777
                                            0x0520e77e
                                            0x0524b675
                                            0x0520e784
                                            0x0520e784
                                            0x0520e789
                                            0x0520e7a8
                                            0x0520e7ac
                                            0x0520e807
                                            0x0520e7ae
                                            0x0520e7ae
                                            0x0520e7b1
                                            0x0520e7b4
                                            0x0520e7b9
                                            0x0520e7c0
                                            0x0520e7c4
                                            0x0520e7ca
                                            0x0520e7cc
                                            0x00000000
                                            0x0520e7d3
                                            0x0520e7d6
                                            0x00000000
                                            0x00000000
                                            0x0520e7ff
                                            0x0520e802
                                            0x00000000
                                            0x00000000
                                            0x0520e7f9
                                            0x0520e7fc
                                            0x00000000
                                            0x00000000
                                            0x0520e7f3
                                            0x0520e7f6
                                            0x00000000
                                            0x00000000
                                            0x0520e7ed
                                            0x0520e7f0
                                            0x00000000
                                            0x00000000
                                            0x0520e7e7
                                            0x0520e7ea
                                            0x00000000
                                            0x00000000
                                            0x0524b685
                                            0x0524b688
                                            0x00000000
                                            0x00000000
                                            0x0524b682
                                            0x00000000
                                            0x00000000
                                            0x0520e7cc
                                            0x0520e7d9
                                            0x0520e7dc
                                            0x0520e7de
                                            0x0520e7de
                                            0x0520e7ac
                                            0x0520e7e4
                                            0x0520e74b
                                            0x0520e751
                                            0x0520e759
                                            0x0520e761
                                            0x0520e761

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 24475eb4b36eb8598a11e4bb5b7897b97216998d2a0f2adb18276ec21761a557
                                            • Instruction ID: 61d6d59a65485c4956d7a39c9308c79d4d9138b49b07a3c0193e8662e6c9848c
                                            • Opcode Fuzzy Hash: 24475eb4b36eb8598a11e4bb5b7897b97216998d2a0f2adb18276ec21761a557
                                            • Instruction Fuzzy Hash: 17318D75A24249AFD744CF18D845B9ABBE8FF08310F158656F908CB392D671E980CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520BC2C Relevance: .1, Instructions: 88COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E0520BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x52c6100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E051F2280(0xd, 0x19ddf1a0);
				_t41 =  *0x52c60f8; // 0x0
				if(_t41 != 0) {
					 *0x52c60f8 =  *_t41;
					 *0x52c60fc =  *0x52c60fc + 0xffff;
				}
				E051EFFB0(_t41, 0x800, 0x19ddf1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x52c60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L051F4620(0x52c6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x52c6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                            0x0520bc36
                                            0x0520bc42
                                            0x0520bc45
                                            0x0520bc4a
                                            0x0520bd35
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0520bc50
                                            0x0520bc50
                                            0x0520bc58
                                            0x0520bc5a
                                            0x0520bc60
                                            0x00000000
                                            0x00000000
                                            0x0524a4f2
                                            0x0524a4f6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0524a4fc
                                            0x0520bc79
                                            0x0520bc7e
                                            0x0520bc86
                                            0x0520bd16
                                            0x0520bd20
                                            0x0520bd20
                                            0x0520bc8d
                                            0x0520bc94
                                            0x0520bcbd
                                            0x0520bcca
                                            0x0520bccb
                                            0x0520bccc
                                            0x0520bccd
                                            0x0520bcce
                                            0x0520bcd4
                                            0x0520bcea
                                            0x0520bcee
                                            0x0520bcf2
                                            0x0520bd00
                                            0x0520bd04
                                            0x00000000
                                            0x0520bc96
                                            0x0520bcab
                                            0x0520bcaf
                                            0x0520bd2c
                                            0x0520bd2c
                                            0x0520bd09
                                            0x00000000
                                            0x0520bd09
                                            0x0520bcb1
                                            0x0520bcb5
                                            0x0520bcbb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0520bcbb

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c3f550650e845c6ed42f60b9c9c9b50a240faf261c394e453117648752618ad4
                                            • Instruction ID: 19fea2d4c06ea915b802c1ae62f56640b839ad24edfae83806fc9fbad4907168
                                            • Opcode Fuzzy Hash: c3f550650e845c6ed42f60b9c9c9b50a240faf261c394e453117648752618ad4
                                            • Instruction Fuzzy Hash: 9F31E2366216169FCB21DF58D4817AA7B65FF18311F000079E909EB283EBB5A9068B80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05201DB5 Relevance: .1, Instructions: 87COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 60%
                                            			E05201DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E051FF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L051F4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E051FF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                            0x05201dc2
                                            0x05201dc5
                                            0x05201dc7
                                            0x05201dcc
                                            0x05201dce
                                            0x05201dd6
                                            0x05201ddf
                                            0x05201de0
                                            0x05201de1
                                            0x05201de5
                                            0x05201de8
                                            0x05201def
                                            0x05201df0
                                            0x05201df6
                                            0x05201df7
                                            0x05201dfe
                                            0x05201e1a
                                            0x00000000
                                            0x00000000
                                            0x05201e0b
                                            0x05201e12
                                            0x05201e12
                                            0x05201e00
                                            0x05201e00
                                            0x05201e05
                                            0x05201e1e
                                            0x05201e23
                                            0x0524570f
                                            0x05245713
                                            0x00000000
                                            0x00000000
                                            0x05245719
                                            0x05245719
                                            0x05201e2c
                                            0x05201e2d
                                            0x05201e2e
                                            0x05201e2f
                                            0x05201e31
                                            0x05201e32
                                            0x05201e35
                                            0x05201e3d
                                            0x05245723
                                            0x0524573d
                                            0x0524573d
                                            0x00000000
                                            0x05245723
                                            0x05201e49
                                            0x05201e4e
                                            0x05201e4e
                                            0x05201e09
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                            • Instruction ID: b2e93e3bd9aeb59c14fafcdba2af3df49e4c1374ee090ce1f486fa39c5456078
                                            • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                            • Instruction Fuzzy Hash: A421BC72621209EBC726CF99CC84EAFBBB9FF85780F104065E9059B251D270AE51CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051D9100 Relevance: .1, Instructions: 87COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E051D9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x52af6e8);
				E0522D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E052A88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0522D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x52c86c0; // 0x9007b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x52c86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E051F2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E052A88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0521AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x52cb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x52c84c0;
										if(_t69 >=  *0x52c84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E052A9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E051D922A(_t82);
							_t53 = E051F7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E052A8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x52c86c0; // 0x9007b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x52c86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x52c86bc;
										_t72 = 0x52c86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E051D9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x52c86c4;
									_t72 = 0x52c86c0;
									L18:
									E05209B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                            0x051d9100
                                            0x051d9100
                                            0x051d9100
                                            0x051d9100
                                            0x051d9102
                                            0x051d9107
                                            0x051d910c
                                            0x051d9110
                                            0x051d9115
                                            0x051d9136
                                            0x051d9143
                                            0x052337e4
                                            0x052337e4
                                            0x051d9149
                                            0x051d914e
                                            0x051d914e
                                            0x051d9117
                                            0x051d911d
                                            0x00000000
                                            0x00000000
                                            0x051d911f
                                            0x051d9125
                                            0x00000000
                                            0x051d9151
                                            0x051d9158
                                            0x051d915d
                                            0x051d9161
                                            0x051d9168
                                            0x05233715
                                            0x00000000
                                            0x051d916e
                                            0x051d916e
                                            0x051d9175
                                            0x051d9177
                                            0x051d917e
                                            0x051d917f
                                            0x051d9182
                                            0x051d9182
                                            0x051d9187
                                            0x051d9187
                                            0x051d918a
                                            0x051d918d
                                            0x051d918f
                                            0x051d9192
                                            0x051d9195
                                            0x051d9198
                                            0x051d9198
                                            0x051d9198
                                            0x051d919a
                                            0x00000000
                                            0x00000000
                                            0x0523371f
                                            0x05233721
                                            0x05233727
                                            0x0523372f
                                            0x05233733
                                            0x05233735
                                            0x05233738
                                            0x0523373b
                                            0x0523373d
                                            0x05233740
                                            0x00000000
                                            0x00000000
                                            0x05233746
                                            0x05233749
                                            0x00000000
                                            0x00000000
                                            0x0523374f
                                            0x05233751
                                            0x00000000
                                            0x00000000
                                            0x05233757
                                            0x05233759
                                            0x0523375c
                                            0x0523375c
                                            0x0523375e
                                            0x0523375e
                                            0x05233761
                                            0x05233764
                                            0x00000000
                                            0x00000000
                                            0x05233766
                                            0x05233768
                                            0x052337a3
                                            0x052337a3
                                            0x052337a5
                                            0x052337a7
                                            0x052337ad
                                            0x052337b0
                                            0x052337b2
                                            0x052337bc
                                            0x052337c2
                                            0x052337c2
                                            0x052337b2
                                            0x051d9187
                                            0x051d9187
                                            0x051d918a
                                            0x051d918d
                                            0x051d918f
                                            0x051d9192
                                            0x051d9195
                                            0x00000000
                                            0x051d9195
                                            0x00000000
                                            0x051d9187
                                            0x0523376a
                                            0x0523376a
                                            0x0523376c
                                            0x0523376c
                                            0x0523376f
                                            0x05233775
                                            0x00000000
                                            0x00000000
                                            0x05233777
                                            0x05233779
                                            0x00000000
                                            0x00000000
                                            0x05233782
                                            0x05233787
                                            0x05233789
                                            0x05233790
                                            0x05233790
                                            0x0523378b
                                            0x0523378b
                                            0x0523378b
                                            0x05233792
                                            0x05233795
                                            0x05233795
                                            0x05233798
                                            0x05233798
                                            0x0523379b
                                            0x0523379b
                                            0x051d91a3
                                            0x051d91a9
                                            0x051d91b0
                                            0x051d91b4
                                            0x051d91b4
                                            0x051d91bb
                                            0x051d91c0
                                            0x051d91c5
                                            0x051d91c7
                                            0x052337da
                                            0x051d91cd
                                            0x051d91cd
                                            0x051d91cd
                                            0x051d91d2
                                            0x051d91d5
                                            0x051d9239
                                            0x051d9239
                                            0x051d91d7
                                            0x051d91db
                                            0x051d91e1
                                            0x051d91e7
                                            0x051d91fd
                                            0x051d9203
                                            0x051d921e
                                            0x051d9223
                                            0x00000000
                                            0x051d9223
                                            0x051d9205
                                            0x051d9208
                                            0x051d920c
                                            0x051d9214
                                            0x051d9214
                                            0x051d91e9
                                            0x051d91e9
                                            0x051d91ee
                                            0x051d91f3
                                            0x051d91f3
                                            0x051d91f3
                                            0x051d91e7
                                            0x00000000
                                            0x051d91db
                                            0x051d9187
                                            0x051d9168

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 778a134531f9d00adc69cee6fdffc2f60d35a5c7ffd22dd06b05457cebb76b48
                                            • Instruction ID: 6bc7217897c101622403a76b3e6572537142aaf5c11e833f070f02a8c5ec34fc
                                            • Opcode Fuzzy Hash: 778a134531f9d00adc69cee6fdffc2f60d35a5c7ffd22dd06b05457cebb76b48
                                            • Instruction Fuzzy Hash: 9531C5B5A15245DFDB25DF68C48CBACFBF2BF48324F29824AD41567381C774A980CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051F0050 Relevance: .1, Instructions: 81COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E051F0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x52cd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E05209ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0521B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E052A8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E05209702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x52cb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                            0x051f0055
                                            0x051f005d
                                            0x051f0062
                                            0x051f006c
                                            0x051f006f
                                            0x051f0074
                                            0x051f007a
                                            0x051f007a
                                            0x051f0080
                                            0x051f0080
                                            0x051f0087
                                            0x051f008d
                                            0x051f008f
                                            0x051f0093
                                            0x051f0095
                                            0x051f009b
                                            0x051f00f8
                                            0x051f00fb
                                            0x051f00fc
                                            0x051f00ff
                                            0x051f0108
                                            0x051f0108
                                            0x051f00a2
                                            0x051f00a6
                                            0x051f00b3
                                            0x051f00bc
                                            0x051f00c5
                                            0x051f00ca
                                            0x0523c01e
                                            0x00000000
                                            0x00000000
                                            0x0523c02d
                                            0x051f00d5
                                            0x051f00d9
                                            0x0523c03d
                                            0x0523c046
                                            0x0523c046
                                            0x051f00df
                                            0x051f00e2
                                            0x051f00ea
                                            0x051f00ef
                                            0x051f00f2
                                            0x051f00f6
                                            0x051f0111
                                            0x051f0117
                                            0x051f0117
                                            0x00000000
                                            0x051f00f6
                                            0x051f00d0
                                            0x051f00d0
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3a157c0205df66213ef6514caffd049c0318d0d5c566fade037c868e0e1586de
                                            • Instruction ID: b5fcf99e4e3278c1b8fd906bc65555165307bca8520bf2e0aa5ce4d5bdb84537
                                            • Opcode Fuzzy Hash: 3a157c0205df66213ef6514caffd049c0318d0d5c566fade037c868e0e1586de
                                            • Instruction Fuzzy Hash: A731CE31212B04CFC725CB28C848B6AB3E6FF88310F14456DE59B87791EB31AC01CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05256C0A Relevance: .1, Instructions: 79COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E05256C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E051F7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x52c7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L051F4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0521F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E051F7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E05219AE0();
						_t23 = L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                            0x05256c0a
                                            0x05256c0f
                                            0x05256c10
                                            0x05256c13
                                            0x05256c15
                                            0x05256c19
                                            0x05256c1c
                                            0x05256c21
                                            0x05256c28
                                            0x05256c3a
                                            0x05256c2a
                                            0x05256c33
                                            0x05256c33
                                            0x05256c3f
                                            0x05256c48
                                            0x05256c4d
                                            0x05256c60
                                            0x05256c65
                                            0x05256c69
                                            0x05256c73
                                            0x05256c79
                                            0x05256c7f
                                            0x05256c86
                                            0x05256c90
                                            0x05256c94
                                            0x05256ca6
                                            0x05256cb2
                                            0x05256cbd
                                            0x05256cbd
                                            0x05256cc3
                                            0x05256cc7
                                            0x05256ccb
                                            0x05256cd0
                                            0x05256cd1
                                            0x05256ce2
                                            0x05256ce2
                                            0x05256c69
                                            0x05256ced

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1df03ebda6ace33f85ebd6f02e9d2ebc734cc9f66777c6019db020a3cf6c22eb
                                            • Instruction ID: 4415b4c4707ff11043f436a0a4ebb0eb8ecd4da3c697f8eee5bb3985e825fb83
                                            • Opcode Fuzzy Hash: 1df03ebda6ace33f85ebd6f02e9d2ebc734cc9f66777c6019db020a3cf6c22eb
                                            • Instruction Fuzzy Hash: 8921AB72A10644AFC715DB68D888E6AB7B8FF48710F140069F909C7791D734ED10CBA8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052190AF Relevance: .1, Instructions: 76COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E052190AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0522D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0520E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L051F4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0521F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0520A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                            0x052190af
                                            0x052190b8
                                            0x052190bb
                                            0x052190bf
                                            0x052190c2
                                            0x052190c2
                                            0x052190c8
                                            0x052190cb
                                            0x052190cd
                                            0x052514d7
                                            0x052514eb
                                            0x052514eb
                                            0x00000000
                                            0x052514eb
                                            0x052514db
                                            0x052514e6
                                            0x00000000
                                            0x052514f2
                                            0x052514e8
                                            0x00000000
                                            0x052514e8
                                            0x052190d8
                                            0x052190da
                                            0x052190dd
                                            0x052190e5
                                            0x00000000
                                            0x05219139
                                            0x052190fa
                                            0x052190fe
                                            0x05219142
                                            0x00000000
                                            0x05219142
                                            0x05219104
                                            0x05219107
                                            0x0521910b
                                            0x05219110
                                            0x05219118
                                            0x05219147
                                            0x05219148
                                            0x0521914f
                                            0x05219150
                                            0x05219151
                                            0x05219152
                                            0x05219156
                                            0x0521915d
                                            0x05219160
                                            0x05219168
                                            0x0521916c
                                            0x052191bc
                                            0x052191be
                                            0x00000000
                                            0x052191be
                                            0x0521916e
                                            0x05219173
                                            0x05219176
                                            0x00000000
                                            0x00000000
                                            0x0521917c
                                            0x05219180
                                            0x052191b5
                                            0x00000000
                                            0x052191b5
                                            0x05219182
                                            0x05219185
                                            0x05219189
                                            0x00000000
                                            0x00000000
                                            0x0521918e
                                            0x05219190
                                            0x05219198
                                            0x00000000
                                            0x00000000
                                            0x052191a0
                                            0x00000000
                                            0x052191ad
                                            0x052191ad
                                            0x052191b0
                                            0x052191b1
                                            0x00000000
                                            0x05219185
                                            0x0521911a
                                            0x0521911c
                                            0x0521911f
                                            0x05219125
                                            0x05219127
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                            • Instruction ID: 14bf73b3924fbfa5f34aa118529a9ef035bcacf86be8bda011bef467840ee2dc
                                            • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                            • Instruction Fuzzy Hash: B8217F71A10205EFDB21DF59C844E6BF7F9EF54320F14886AE989A7240D370AD94CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05203B7A Relevance: .1, Instructions: 75COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E05203B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x52c84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x52c84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x52c84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0521AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0521FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x52c84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x52c84c4; // 0x0
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                            0x05203b89
                                            0x05203b96
                                            0x05203ba1
                                            0x05203bab
                                            0x05203bb5
                                            0x05203bb9
                                            0x05246298
                                            0x05203bbf
                                            0x05203bc2
                                            0x05203bc3
                                            0x05203bc9
                                            0x05203bca
                                            0x05203bcc
                                            0x05203bcd
                                            0x05203bd4
                                            0x05203bd6
                                            0x05203bdb
                                            0x05203bea
                                            0x05203bf7
                                            0x05203bfb
                                            0x05203bff
                                            0x05203c09
                                            0x05203c0a
                                            0x05203c0b
                                            0x05203c0f
                                            0x05203c14
                                            0x05203c18
                                            0x05203c18
                                            0x05203bfb
                                            0x05203c1b
                                            0x05203c30
                                            0x05203c30
                                            0x05203c3d

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 757d1714cceee050fe8b44a445b9176d4f49d07ae71caad13cf12ab4da196f6e
                                            • Instruction ID: dc8533d1d34f0f46d30c505ba68c314bea8fd7dc94e354b7f21435b4d070a0f1
                                            • Opcode Fuzzy Hash: 757d1714cceee050fe8b44a445b9176d4f49d07ae71caad13cf12ab4da196f6e
                                            • Instruction Fuzzy Hash: 0121B072610504AFC710DF58DD85B6ABBBDFF40318F2500A8EA08EB292C771AD01CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05256CF0 Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E05256CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E051F7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E051F7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x51b5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0520F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0520F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E05257016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L051F2400( &_v52);
								}
								_t21 = L051F2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                            0x05256cfb
                                            0x05256d00
                                            0x05256d02
                                            0x05256d06
                                            0x05256d0a
                                            0x05256d0e
                                            0x05256d19
                                            0x05256d2b
                                            0x05256d1b
                                            0x05256d24
                                            0x05256d24
                                            0x05256d33
                                            0x05256d39
                                            0x05256d46
                                            0x05256d4f
                                            0x05256d61
                                            0x05256d51
                                            0x05256d5a
                                            0x05256d5a
                                            0x05256d69
                                            0x05256d6b
                                            0x05256d6d
                                            0x05256d6f
                                            0x05256d6f
                                            0x05256d74
                                            0x05256d79
                                            0x05256d7a
                                            0x05256d7f
                                            0x05256d82
                                            0x05256d88
                                            0x05256d89
                                            0x05256d90
                                            0x05256d94
                                            0x05256da7
                                            0x05256db1
                                            0x05256db1
                                            0x05256dbb
                                            0x05256dbb
                                            0x05256d90
                                            0x05256d69
                                            0x05256d46
                                            0x05256dc6

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 032e5ccf8f315c944bcdb879f3416e77b2b5379493dc8c24c12ac21e76ec85df
                                            • Instruction ID: 1b6e5d013cd31e33fea87384f37edb3e5f5c20571af2ac854b20205faa0207cf
                                            • Opcode Fuzzy Hash: 032e5ccf8f315c944bcdb879f3416e77b2b5379493dc8c24c12ac21e76ec85df
                                            • Instruction Fuzzy Hash: 1F2122326162469BD721DF28C948B6BB7ECFF81260F480856FD44C72A1E734E908C7A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A070D Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E052A070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E052A07DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0529AFDE( &_v8,  &_v12);
					E052A1293(_t38, _v28, _t60);
					if(E051F7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E052914FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                            0x052a071b
                                            0x052a0724
                                            0x052a0734
                                            0x052a0738
                                            0x052a074b
                                            0x052a074b
                                            0x052a0753
                                            0x052a0753
                                            0x052a0759
                                            0x052a075d
                                            0x052a0774
                                            0x052a0779
                                            0x052a077d
                                            0x052a0789
                                            0x052a0795
                                            0x052a07a7
                                            0x052a0797
                                            0x052a07a0
                                            0x052a07a0
                                            0x052a07af
                                            0x052a07c4
                                            0x052a07cd
                                            0x052a07cd
                                            0x052a07af
                                            0x052a07dc

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                            • Instruction ID: d5deb9d1e40fd04b2e381603312db71b8a387abbc5fa4c4eaedbb205111f664e
                                            • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                            • Instruction Fuzzy Hash: 8921D0363182009FD716DF18CC88A6ABBA5FFC4350F048569F9998B385D730D919CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05257794 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E05257794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x52c7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0521F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E051F7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E05219AE0();
					_t24 = L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                            0x05257799
                                            0x0525779a
                                            0x0525779b
                                            0x052577a3
                                            0x052577ab
                                            0x052577ae
                                            0x052577b1
                                            0x052577b1
                                            0x052577bf
                                            0x052577c4
                                            0x052577c8
                                            0x052577ce
                                            0x052577d4
                                            0x052577e0
                                            0x052577e0
                                            0x052577d6
                                            0x052577d6
                                            0x052577de
                                            0x00000000
                                            0x00000000
                                            0x052577de
                                            0x052577e5
                                            0x052577f0
                                            0x052577f3
                                            0x052577f6
                                            0x052577fd
                                            0x05257800
                                            0x0525780c
                                            0x05257818
                                            0x0525782b
                                            0x0525781a
                                            0x05257823
                                            0x05257823
                                            0x05257830
                                            0x05257831
                                            0x05257838
                                            0x0525783d
                                            0x0525783e
                                            0x0525784f
                                            0x0525784f
                                            0x0525785a

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2533caf53750137f830a23c7fecd0926030fb29740807b1f364da325a21e1aa3
                                            • Instruction ID: ea09142c702597be9d4536ceb9dac87596485d1d5e4cca76dcc1690310277df4
                                            • Opcode Fuzzy Hash: 2533caf53750137f830a23c7fecd0926030fb29740807b1f364da325a21e1aa3
                                            • Instruction Fuzzy Hash: 8F219F72650604ABC725DF69D894E6BBBA9FF48390F14056DFA0AC7750D634E900CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051FAE73 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E051FAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E051F7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E051F7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E051F7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E051F7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E05257794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                            0x051fae78
                                            0x051fae7c
                                            0x051fae7e
                                            0x051fae81
                                            0x051fae86
                                            0x051fae8d
                                            0x05242691
                                            0x051fae93
                                            0x051fae93
                                            0x051fae93
                                            0x051fae98
                                            0x051fae9d
                                            0x052426a2
                                            0x052426b4
                                            0x052426a4
                                            0x052426ad
                                            0x052426ad
                                            0x052426b9
                                            0x00000000
                                            0x052426bb
                                            0x00000000
                                            0x052426bb
                                            0x051faea3
                                            0x051faea3
                                            0x051faea3
                                            0x051faeaa
                                            0x052426c0
                                            0x052426c9
                                            0x052426c9
                                            0x051faeb3
                                            0x052426d4
                                            0x052426e1
                                            0x00000000
                                            0x00000000
                                            0x052426e7
                                            0x052426ee
                                            0x052426f0
                                            0x052426f9
                                            0x052426f9
                                            0x05242702
                                            0x05242708
                                            0x05242708
                                            0x0524270b
                                            0x0524270f
                                            0x05242711
                                            0x05242711
                                            0x05242725
                                            0x05242725
                                            0x00000000
                                            0x051faeb9
                                            0x051faeb9
                                            0x051faebf
                                            0x051faebf
                                            0x051faeb3

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                            • Instruction ID: 90ffb6ee2abfe45947a48269086e08d4b4d015d9f554474386ca369c45ed15d0
                                            • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                            • Instruction Fuzzy Hash: 2D21D739615681DFD729DB26C948B3577D9FF44350F0A00A0EE098B792D778DC40CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520FD9B Relevance: .1, Instructions: 69COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E0520FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E051E76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                            0x0520fd9b
                                            0x0520fda0
                                            0x0520fda1
                                            0x0520fdab
                                            0x0520fdad
                                            0x0520fdb0
                                            0x0520fdb8
                                            0x0520fe0f
                                            0x0520fde6
                                            0x0520fde9
                                            0x0520fdec
                                            0x0524c0c0
                                            0x0520fdfe
                                            0x0520fe06
                                            0x0520fe06
                                            0x0524c0c8
                                            0x0520fe2d
                                            0x0520fe2d
                                            0x00000000
                                            0x0520fe2d
                                            0x0524c0d1
                                            0x0524c0e0
                                            0x0524c0e5
                                            0x0524c0e5
                                            0x0524c0e8
                                            0x00000000
                                            0x0524c0e8
                                            0x0520fdf4
                                            0x00000000
                                            0x00000000
                                            0x0520fdf6
                                            0x0520fdfa
                                            0x0520fe1a
                                            0x0520fe1f
                                            0x0520fe1f
                                            0x0520fdfc
                                            0x00000000
                                            0x0520fdfc
                                            0x0520fdcc
                                            0x0520fdd0
                                            0x0520fe26
                                            0x00000000
                                            0x0520fe26
                                            0x0520fdd8
                                            0x0520fddb
                                            0x0520fddd
                                            0x0520fde0
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                            • Instruction ID: c6ee3408188fbf84338872a1a7c9c1d806cab41ae0f10b3461250aa9b2edd705
                                            • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                            • Instruction Fuzzy Hash: 8121AC726A6A41DBC734CF09C640E62B7E6FF94A10F21916EE94A87662D730AC01CB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520B390 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 54%
                                            			E0520B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E051F2280(_t12, 0x52c8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E052100C2(0x52c8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                            0x0520b395
                                            0x0520b3a2
                                            0x0520b3a5
                                            0x0520b3aa
                                            0x0520b3b2
                                            0x0520b3ba
                                            0x0520b3bd
                                            0x0520b3c0
                                            0x0520b3c4
                                            0x0520b3c9
                                            0x0524a3e9
                                            0x0524a3ed
                                            0x0524a3f0
                                            0x0524a3ff
                                            0x0524a403
                                            0x0524a409
                                            0x00000000
                                            0x00000000
                                            0x0524a40b
                                            0x0524a40b
                                            0x0524a40f
                                            0x0524a415
                                            0x0524a423
                                            0x0524a423
                                            0x0524a415
                                            0x0520b3d1
                                            0x0520b3e8
                                            0x0520b3e8
                                            0x0520b3d9

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1d3dbfd701c740b127f733b961c28957a1f87f2567b974775763c9f00b63b6b6
                                            • Instruction ID: 301d94e0e2fab7466d7b7ea5c6b8bacb2aa7f1c373b035c83318e1982c32afbc
                                            • Opcode Fuzzy Hash: 1d3dbfd701c740b127f733b961c28957a1f87f2567b974775763c9f00b63b6b6
                                            • Instruction Fuzzy Hash: 081125323361209BCB2CDA149D81A6F7667EFC5230B34526DE91A873C1DE71AC02C7D4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051D9240 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E051D9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x52af708);
				E0522D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E052195D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E052195D0();
				_t33 =  *0x52c84c4; // 0x0
				L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x52c84c4; // 0x0
				L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x52c84c4; // 0x0
				E051F2280(L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x52c86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E052195D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E052195D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E051D9325();
					_t50 =  *0x52c84c4; // 0x0
					return E0522D0D1(L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                            0x051d9240
                                            0x051d9242
                                            0x051d9247
                                            0x051d924c
                                            0x051d924e
                                            0x051d9255
                                            0x051d9257
                                            0x051d925a
                                            0x051d925f
                                            0x051d925f
                                            0x051d9266
                                            0x051d9271
                                            0x051d9276
                                            0x051d9279
                                            0x051d927e
                                            0x051d9295
                                            0x051d929a
                                            0x051d92b1
                                            0x051d92b6
                                            0x051d92d7
                                            0x051d92dc
                                            0x051d92e0
                                            0x051d92e6
                                            0x051d92e8
                                            0x051d92ee
                                            0x051d9332
                                            0x051d9333
                                            0x051d9337
                                            0x051d9338
                                            0x051d933a
                                            0x051d933a
                                            0x051d933d
                                            0x051d9342
                                            0x051d9342
                                            0x051d9345
                                            0x051d9349
                                            0x051d934e
                                            0x051d9352
                                            0x051d9357
                                            0x051d92f4
                                            0x051d92f4
                                            0x051d92f6
                                            0x051d92f9
                                            0x051d9300
                                            0x051d9306
                                            0x051d9324
                                            0x051d9324

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b4e29c4f9c65751abca541932af3c491f1e207f687308a81f2845adaf83a04a2
                                            • Instruction ID: 565381933c6b6bb92a8997e25bdd2a7e288dab03b3617f78c8759b9b54f92564
                                            • Opcode Fuzzy Hash: b4e29c4f9c65751abca541932af3c491f1e207f687308a81f2845adaf83a04a2
                                            • Instruction Fuzzy Hash: 96212F71261A00EFC721EF68CA48F5ABBF9FF08704F1445A8E149976A2CB35E941DB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05264257 Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 90%
                                            			E05264257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x52b08d0);
				E0522D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E052641E8(__ebx, __edi, __ecx, _t39);
				E051EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x52c87e4;
					_t18 =  *0x52c87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x52c5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x52c87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x52c87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L051D7055(_t31 + 0xfffffff8);
								_t24 =  *0x52c87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x52c87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x52c5cd0;
				if( *0x52c5cd0 <= 0) {
					L051D7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x52c87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x52c87e8 = _t30;
						 *0x52c87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0522D0D1(L05264320());
			}















                                            0x05264257
                                            0x05264257
                                            0x05264257
                                            0x05264259
                                            0x0526425e
                                            0x05264263
                                            0x05264265
                                            0x05264273
                                            0x05264278
                                            0x0526427c
                                            0x0526427f
                                            0x05264281
                                            0x05264287
                                            0x052642d7
                                            0x052642d7
                                            0x052642da
                                            0x0526428d
                                            0x0526428d
                                            0x0526428f
                                            0x05264292
                                            0x05264297
                                            0x0526429c
                                            0x052642a0
                                            0x052642a6
                                            0x052642a8
                                            0x052642ae
                                            0x052642b3
                                            0x00000000
                                            0x052642ba
                                            0x052642ba
                                            0x052642bf
                                            0x052642c5
                                            0x052642ca
                                            0x052642cf
                                            0x052642d0
                                            0x00000000
                                            0x052642d0
                                            0x052642b3
                                            0x00000000
                                            0x052642a6
                                            0x0526429c
                                            0x052642dc
                                            0x052642dc
                                            0x052642e3
                                            0x05264309
                                            0x052642e5
                                            0x052642e5
                                            0x052642e8
                                            0x052642ee
                                            0x052642f0
                                            0x00000000
                                            0x052642f2
                                            0x052642f2
                                            0x052642f4
                                            0x052642f7
                                            0x052642f9
                                            0x05264300
                                            0x05264300
                                            0x052642f0
                                            0x0526430e
                                            0x0526431f

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: da578e7fac91c0daa25113512d05ccf2b2d6dbd086c3c38a8f150d5aaf043258
                                            • Instruction ID: 4d3b3263c252abc09e235a71afde3f95d754180534496ef82125e63b9a2703fc
                                            • Opcode Fuzzy Hash: da578e7fac91c0daa25113512d05ccf2b2d6dbd086c3c38a8f150d5aaf043258
                                            • Instruction Fuzzy Hash: BE215B75621641DFCB15EF24E089A24BFB1FF45314B60C2AEE1899F2D2EB31D585CB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052546A7 Relevance: .1, Instructions: 59COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E052546A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0521F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0520D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L051F77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                            0x052546b7
                                            0x052546ba
                                            0x052546c5
                                            0x052546c8
                                            0x052546d0
                                            0x052546d4
                                            0x052546e6
                                            0x052546e9
                                            0x052546f4
                                            0x052546ff
                                            0x05254705
                                            0x05254706
                                            0x0525470c
                                            0x05254713
                                            0x0525471b
                                            0x05254723
                                            0x05254725
                                            0x052546d6
                                            0x052546d9
                                            0x052546db
                                            0x052546db
                                            0x05254732

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                            • Instruction ID: 83764446e5f699a9b88ede7f9dc4669fd5a7e511686a008f92d8a6c84dd108c1
                                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                            • Instruction Fuzzy Hash: B611C272614208BBCB05AF6C98809BEF7B9EF95310F10806AFD4487351DA319D55D7A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05202397 Relevance: .1, Instructions: 59COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 34%
                                            			E05202397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x52c848c != 0) {
					L051FFAD0(0x52c8610);
					if( *0x52c848c == 0) {
						E051FFA00(0x52c8610, _t19, _t27, 0x52c8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E05202581(0x52c8610, 0x51b50a0, _t26, _t27, _t28);
						E051FFA00(0x52c8610, 0x51b50a0, _t27, 0x52c8610);
					}
				} else {
					L1:
					_t11 =  *0x52c8614; // 0x0
					if(_t11 == 0) {
						_t11 = E05214886(0x51b1088, 1, 0x52c8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E05202581(0x52c8610, (_t11 << 4) + 0x51b5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                            0x052023b0
                                            0x052023b6
                                            0x05202409
                                            0x05202415
                                            0x05245ae9
                                            0x00000000
                                            0x0520241b
                                            0x0520241b
                                            0x0520241d
                                            0x05202427
                                            0x0520242e
                                            0x05202430
                                            0x05202430
                                            0x052023b8
                                            0x052023b8
                                            0x052023b8
                                            0x052023bf
                                            0x052023fc
                                            0x052023fc
                                            0x052023c1
                                            0x052023c3
                                            0x052023d0
                                            0x052023d8
                                            0x052023d8
                                            0x052023dc
                                            0x052023de
                                            0x052023e1
                                            0x052023e1
                                            0x052023ec

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 903993b2bf35fb87c8415c26a269e36ebb4d6eaf0ef647d7e805a7a93a082b8e
                                            • Instruction ID: 9f8541b2d57b1f72fcb2273de97c5167dfa5d00185b48aa54e24b5d4da88d946
                                            • Opcode Fuzzy Hash: 903993b2bf35fb87c8415c26a269e36ebb4d6eaf0ef647d7e805a7a93a082b8e
                                            • Instruction Fuzzy Hash: 07116B31724300A7E734A729EC8CB26BADAFF50610F159067F60AA72C3CAF4D8018754
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052137F5 Relevance: .1, Instructions: 57COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E052137F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E051F2280(_t6, 0x52c8550);
				}
				_t29 = E0521387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E051EFFB0(0x52c8550, _t27, 0x52c8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                            0x052137fa
                                            0x052137fc
                                            0x05213805
                                            0x05213808
                                            0x05213808
                                            0x05213814
                                            0x05213818
                                            0x05213846
                                            0x05213848
                                            0x0521384b
                                            0x0521384b
                                            0x05213852
                                            0x00000000
                                            0x05213854
                                            0x05213856
                                            0x00000000
                                            0x00000000
                                            0x05213863
                                            0x00000000
                                            0x05213863
                                            0x0521381a
                                            0x0521381a
                                            0x0521381f
                                            0x0521386e
                                            0x0521386e
                                            0x05213871
                                            0x05213873
                                            0x05213873
                                            0x05213868
                                            0x00000000
                                            0x05213868
                                            0x05213821
                                            0x05213826
                                            0x00000000
                                            0x00000000
                                            0x05213828
                                            0x0521382a
                                            0x05213841
                                            0x00000000
                                            0x05213841

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dd90f74144a68a6f94aa1c116eee1bb63dad6a70dbdada656b84403bdac0fc57
                                            • Instruction ID: 6f080de6a0a861b297e7390deaddb996e905c081d8b5adecce461d9658bd730f
                                            • Opcode Fuzzy Hash: dd90f74144a68a6f94aa1c116eee1bb63dad6a70dbdada656b84403bdac0fc57
                                            • Instruction Fuzzy Hash: FA01E5B2A215119BC326CB199944E27BBE7EFA1A607174869ED0E8B241CF30C801C7C4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DC962 Relevance: .1, Instructions: 57COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 42%
                                            			E051DC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x52cd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E051EEEF0(0x52c70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0525F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E051EEB70(_t29, 0x52c70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0521B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0525F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x52c70c0; // 0x0
					while(_t38 != 0x52c70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x52cb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                            0x051dc96a
                                            0x051dc974
                                            0x051dc988
                                            0x051dc98a
                                            0x05247c9d
                                            0x05247c9f
                                            0x05247ca4
                                            0x05247cae
                                            0x05247cf0
                                            0x05247cf5
                                            0x05247cfa
                                            0x051dc992
                                            0x051dc996
                                            0x051dc997
                                            0x051dc998
                                            0x051dc9a3
                                            0x051dc9a3
                                            0x05247cb0
                                            0x05247cb7
                                            0x05247cbb
                                            0x00000000
                                            0x00000000
                                            0x05247cbd
                                            0x05247ce8
                                            0x05247cc5
                                            0x05247cc8
                                            0x05247cca
                                            0x05247cd0
                                            0x05247cd6
                                            0x05247cde
                                            0x05247ce4
                                            0x05247ce4
                                            0x05247cd0
                                            0x00000000
                                            0x05247ce8
                                            0x051dc990
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9f38886a247915526912fdc97c7fe6fe84f2b9b50e161ac642a1cfead8bddcba
                                            • Instruction ID: 7221fdc2e8fef19d8a61a90b03d784c95c31dc908e3355289ccb3a2b171676cb
                                            • Opcode Fuzzy Hash: 9f38886a247915526912fdc97c7fe6fe84f2b9b50e161ac642a1cfead8bddcba
                                            • Instruction Fuzzy Hash: 0411E5323306469BC714AF28DC89A2B7BE6FF84610B08062CF95683691DF60EC55CFD1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520002D Relevance: .1, Instructions: 55COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0520002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E051F7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E051F7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E051F7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E051F7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                            0x05200032
                                            0x05200037
                                            0x05200043
                                            0x05244b3a
                                            0x05200049
                                            0x05200049
                                            0x05200049
                                            0x0520004e
                                            0x05200053
                                            0x05244b48
                                            0x05244b5a
                                            0x05244b4a
                                            0x05244b53
                                            0x05244b53
                                            0x05244b5f
                                            0x00000000
                                            0x05244b61
                                            0x00000000
                                            0x05244b61
                                            0x05200059
                                            0x05200059
                                            0x05200060
                                            0x05244b6f
                                            0x05244b6f
                                            0x05200069
                                            0x05244b83
                                            0x00000000
                                            0x00000000
                                            0x05244b90
                                            0x05244b9b
                                            0x05244b9b
                                            0x05244ba4
                                            0x00000000
                                            0x00000000
                                            0x05244baa
                                            0x00000000
                                            0x0520006f
                                            0x0520006f
                                            0x00000000
                                            0x0520006f
                                            0x05200069

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                            • Instruction ID: b449edd9263f3eead6432184fd148567227b6affb205af4e1363db5e6e4f2532
                                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                            • Instruction Fuzzy Hash: 7C11E531A366828FEB26E764C548B3637D7FF40754F0900A0DD09876D3E36AD841CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051E766D Relevance: .1, Instructions: 54COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E051E766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0520F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0520F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L051F4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                            0x051e7672
                                            0x051e767f
                                            0x051e7689
                                            0x051e76de
                                            0x051e76de
                                            0x051e768b
                                            0x051e7691
                                            0x051e7693
                                            0x051e7697
                                            0x00000000
                                            0x051e7699
                                            0x051e76a8
                                            0x00000000
                                            0x051e76aa
                                            0x051e76ad
                                            0x051e76b1
                                            0x00000000
                                            0x051e76b3
                                            0x051e76b3
                                            0x051e76b5
                                            0x051e76ba
                                            0x051e76bc
                                            0x051e76bc
                                            0x051e76c0
                                            0x00000000
                                            0x051e76c2
                                            0x051e76ce
                                            0x051e76ce
                                            0x051e76c0
                                            0x051e76b1
                                            0x051e76a8
                                            0x051e7697
                                            0x051e76d9

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                            • Instruction ID: 400af0e6ca564f230854a49228ab6366eb677ce3e387e6c2656df1ed777b5c17
                                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                            • Instruction Fuzzy Hash: 2B01D432310559ABE720EE5ECD54E9B77ADEB89660B280124BA09CB294DB30DD41C3A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0526C450 Relevance: .1, Instructions: 53COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 46%
                                            			E0526C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E05219910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E052195B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E052195D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E052195D0();
				return L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                            0x0526c458
                                            0x0526c45d
                                            0x0526c466
                                            0x0526c468
                                            0x0526c469
                                            0x0526c46a
                                            0x0526c46b
                                            0x0526c46e
                                            0x0526c46f
                                            0x0526c471
                                            0x0526c476
                                            0x0526c476
                                            0x0526c47c
                                            0x0526c47e
                                            0x0526c480
                                            0x0526c480
                                            0x0526c483
                                            0x0526c484
                                            0x0526c486
                                            0x0526c488
                                            0x0526c48f
                                            0x0526c491
                                            0x0526c493
                                            0x0526c493
                                            0x0526c48f
                                            0x0526c498
                                            0x0526c49e
                                            0x0526c4ad
                                            0x0526c4ad
                                            0x0526c4b2
                                            0x0526c4b4
                                            0x0526c4cd

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                            • Instruction ID: 24e875dfa7332f12380eb874e9632b8accaf09a2f25ff7afc5b19c86f689a451
                                            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                            • Instruction Fuzzy Hash: C501DE72250506BFD721BF29CC88EA3F7ADFF54390F004125F249625A0CB22ACE1CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051D9080 Relevance: .1, Instructions: 53COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 69%
                                            			E051D9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x52c85ec;
				E051F2280(_t48, 0x52c85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E051EFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x52c538c; // 0x775b6848
					if( *_t84 != 0x52c5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x52af6e8);
						E0522D0E8(0x52c85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E052A88F5(_t80, _t85, 0x52c5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x52c86c0; // 0x9007b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x52c86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E051F2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E052A88F5(0x52c85ec, _t85, 0x52c5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0521AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x52cb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x52c84c0;
																			if(_t82 >=  *0x52c84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E052A9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E051D922A(_t99);
										_t64 = E051F7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E052A8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x52c86c0; // 0x9007b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x52c86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x52c86bc;
													_t87 = 0x52c86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E051D9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x52c86c4;
												_t87 = 0x52c86c0;
												L27:
												E05209B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0522D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x52c5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x52c538c = _t51;
						goto L6;
					}
				}
			}




















                                            0x051d9082
                                            0x051d9083
                                            0x051d9084
                                            0x051d9085
                                            0x051d9087
                                            0x051d9096
                                            0x051d9098
                                            0x051d9098
                                            0x051d909e
                                            0x051d90a8
                                            0x051d90e7
                                            0x051d90e7
                                            0x051d90aa
                                            0x051d90b0
                                            0x051d90b7
                                            0x051d90bd
                                            0x051d90dd
                                            0x051d90e6
                                            0x051d90bf
                                            0x051d90bf
                                            0x051d90c7
                                            0x051d90cf
                                            0x051d90f1
                                            0x051d90f2
                                            0x051d90f4
                                            0x051d90f5
                                            0x051d90f6
                                            0x051d90f7
                                            0x051d90f8
                                            0x051d90f9
                                            0x051d90fa
                                            0x051d90fb
                                            0x051d90fc
                                            0x051d90fd
                                            0x051d90fe
                                            0x051d90ff
                                            0x051d9100
                                            0x051d9102
                                            0x051d9107
                                            0x051d910c
                                            0x051d9110
                                            0x051d9113
                                            0x051d9115
                                            0x051d9136
                                            0x051d913f
                                            0x051d9143
                                            0x052337e4
                                            0x052337e4
                                            0x051d9117
                                            0x051d9117
                                            0x051d911d
                                            0x00000000
                                            0x051d911f
                                            0x051d911f
                                            0x051d9125
                                            0x00000000
                                            0x051d9127
                                            0x051d912d
                                            0x051d9130
                                            0x051d9134
                                            0x051d9158
                                            0x051d915d
                                            0x051d9161
                                            0x051d9168
                                            0x05233715
                                            0x051d916e
                                            0x051d916e
                                            0x051d9175
                                            0x051d9177
                                            0x051d917e
                                            0x051d917f
                                            0x051d9182
                                            0x051d9182
                                            0x051d9187
                                            0x051d9187
                                            0x051d918a
                                            0x051d918d
                                            0x051d918f
                                            0x051d9192
                                            0x051d9195
                                            0x051d9198
                                            0x051d9198
                                            0x051d9198
                                            0x051d919a
                                            0x00000000
                                            0x00000000
                                            0x0523371f
                                            0x05233721
                                            0x05233727
                                            0x0523372f
                                            0x05233733
                                            0x05233735
                                            0x05233738
                                            0x0523373b
                                            0x0523373d
                                            0x05233740
                                            0x00000000
                                            0x05233746
                                            0x05233746
                                            0x05233749
                                            0x00000000
                                            0x0523374f
                                            0x0523374f
                                            0x05233751
                                            0x05233757
                                            0x05233759
                                            0x0523375c
                                            0x0523375c
                                            0x0523375e
                                            0x0523375e
                                            0x05233761
                                            0x05233764
                                            0x00000000
                                            0x00000000
                                            0x05233766
                                            0x05233768
                                            0x052337a3
                                            0x052337a3
                                            0x052337a5
                                            0x052337a7
                                            0x052337ad
                                            0x052337b0
                                            0x052337b2
                                            0x052337bc
                                            0x052337c2
                                            0x052337c2
                                            0x052337b2
                                            0x051d9187
                                            0x051d9187
                                            0x051d918a
                                            0x051d918d
                                            0x051d918f
                                            0x051d9192
                                            0x051d9195
                                            0x00000000
                                            0x051d9195
                                            0x00000000
                                            0x0523376a
                                            0x0523376a
                                            0x0523376a
                                            0x0523376c
                                            0x0523376c
                                            0x0523376f
                                            0x05233775
                                            0x00000000
                                            0x00000000
                                            0x05233777
                                            0x05233779
                                            0x05233782
                                            0x05233787
                                            0x05233789
                                            0x05233790
                                            0x05233790
                                            0x0523378b
                                            0x0523378b
                                            0x0523378b
                                            0x05233792
                                            0x05233795
                                            0x00000000
                                            0x05233795
                                            0x00000000
                                            0x05233779
                                            0x05233798
                                            0x00000000
                                            0x05233798
                                            0x00000000
                                            0x05233768
                                            0x0523379b
                                            0x0523379b
                                            0x05233751
                                            0x05233749
                                            0x00000000
                                            0x05233740
                                            0x051d91a0
                                            0x051d91a3
                                            0x051d91a9
                                            0x051d91b0
                                            0x00000000
                                            0x051d91b0
                                            0x051d9187
                                            0x051d91b4
                                            0x051d91b4
                                            0x051d91bb
                                            0x051d91c0
                                            0x051d91c5
                                            0x051d91c7
                                            0x052337da
                                            0x051d91cd
                                            0x051d91cd
                                            0x051d91cd
                                            0x051d91d2
                                            0x051d91d5
                                            0x051d9239
                                            0x051d9239
                                            0x051d91d7
                                            0x051d91db
                                            0x051d91e1
                                            0x051d91e7
                                            0x051d91fd
                                            0x051d9203
                                            0x051d921e
                                            0x051d9223
                                            0x00000000
                                            0x051d9205
                                            0x051d9205
                                            0x051d9208
                                            0x051d920c
                                            0x051d9214
                                            0x051d9214
                                            0x051d920c
                                            0x051d91e9
                                            0x051d91e9
                                            0x051d91ee
                                            0x051d91f3
                                            0x051d91f3
                                            0x051d91f3
                                            0x051d91e7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051d9134
                                            0x051d9125
                                            0x051d911d
                                            0x051d914e
                                            0x051d90d1
                                            0x051d90d1
                                            0x051d90d3
                                            0x051d90d6
                                            0x051d90d8
                                            0x00000000
                                            0x051d90d8
                                            0x051d90cf

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a327745affe4beff15896c2d843c043ef3d07cb2930e8876c1c75534285a1204
                                            • Instruction ID: 30591d126bd7a1c60589337b8c9eb281511f6aedd2932915badd3e70d56b30ea
                                            • Opcode Fuzzy Hash: a327745affe4beff15896c2d843c043ef3d07cb2930e8876c1c75534285a1204
                                            • Instruction Fuzzy Hash: 4301A9726116049FC3299F14F844B25BBB9FF85310F254166F5058B692C7B8DC41CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A4015 Relevance: .0, Instructions: 49COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E052A4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E051F2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E051F2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x52c86ac);
					E051DF900(0x52c86d4, _t28);
					E051EFFB0(0x52c86ac, _t28, 0x52c86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E051EFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                            0x052a401a
                                            0x052a401e
                                            0x052a4023
                                            0x052a4028
                                            0x052a4029
                                            0x052a402b
                                            0x052a402f
                                            0x052a4043
                                            0x052a4046
                                            0x052a4051
                                            0x052a4057
                                            0x052a405f
                                            0x052a4062
                                            0x052a4067
                                            0x052a406f
                                            0x052a407c
                                            0x052a407c
                                            0x052a408c
                                            0x052a408c
                                            0x052a4097

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a1492b6d0fd88debd0f70aff2922f7e8491082c887b535984bcb66a8bff5dc15
                                            • Instruction ID: d8b0ef251b43653dc0e21f5bcd34353e3823bc13b22e0ca3f223b38887f80732
                                            • Opcode Fuzzy Hash: a1492b6d0fd88debd0f70aff2922f7e8491082c887b535984bcb66a8bff5dc15
                                            • Instruction Fuzzy Hash: DC018F723519457FC725BB79CD88E57B7ACFF85660B00022AB60883A52DB74EC12C7E4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052914FB Relevance: .0, Instructions: 48COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 61%
                                            			E052914FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x52cd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0521FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E051F7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0521B640(E05219AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                            0x052914fb
                                            0x052914fb
                                            0x0529150a
                                            0x05291514
                                            0x05291519
                                            0x0529151b
                                            0x05291526
                                            0x0529152c
                                            0x05291534
                                            0x05291537
                                            0x0529153a
                                            0x05291545
                                            0x05291557
                                            0x05291547
                                            0x05291550
                                            0x05291550
                                            0x05291562
                                            0x05291563
                                            0x05291565
                                            0x0529156a
                                            0x0529157f

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3d7cd660efec25c21c6dc234a13dd6e2d4bce1a7fc2ea846d733ed6992d159c2
                                            • Instruction ID: 44cf07401f95738c0f7a221accd31007d87c41292e125dd819d3ad383877ff70
                                            • Opcode Fuzzy Hash: 3d7cd660efec25c21c6dc234a13dd6e2d4bce1a7fc2ea846d733ed6992d159c2
                                            • Instruction Fuzzy Hash: 90019E71A10248AFCB04DFA9D846EAFBBB8EF44710F404066F915EB380DA74DA00CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0529138A Relevance: .0, Instructions: 48COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 61%
                                            			E0529138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x52cd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0521FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E051F7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0521B640(E05219AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                            0x0529138a
                                            0x0529138a
                                            0x05291399
                                            0x052913a3
                                            0x052913a8
                                            0x052913aa
                                            0x052913b5
                                            0x052913bb
                                            0x052913c3
                                            0x052913c6
                                            0x052913c9
                                            0x052913d4
                                            0x052913e6
                                            0x052913d6
                                            0x052913df
                                            0x052913df
                                            0x052913f1
                                            0x052913f2
                                            0x052913f4
                                            0x052913f9
                                            0x0529140e

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5f06a706791ed4a1770e62bb5c6ecacc7200caf304597397a157c0fd4e9f9615
                                            • Instruction ID: 5ff745ee6ad3cbb5c3dd44d81e7578c930940fbf41d4f80218360a9a181680e6
                                            • Opcode Fuzzy Hash: 5f06a706791ed4a1770e62bb5c6ecacc7200caf304597397a157c0fd4e9f9615
                                            • Instruction Fuzzy Hash: B8015E71E10258AFCB14DFA9D846EAFBBB8EF44710F404066B905EB381DA749A51CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051D58EC Relevance: .0, Instructions: 47COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 91%
                                            			E051D58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x52cd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x51b5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E051D5943() != 0 &&  *0x52c5320 > 5) {
					E05257B5E( &_v44, _t27);
					_t22 =  &_v28;
					E05257B5E( &_v28, _t28);
					_t11 = E05257B9C(0x52c5320, 0x51bbf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0521B640(_t11, _t17, _v8 ^ _t29, 0x51bbf15, _t27, _t28);
			}















                                            0x051d58fb
                                            0x051d58fe
                                            0x051d5906
                                            0x051d590a
                                            0x051d593c
                                            0x051d593c
                                            0x051d590c
                                            0x051d590c
                                            0x051d5911
                                            0x00000000
                                            0x051d5913
                                            0x051d5913
                                            0x051d5913
                                            0x051d5911
                                            0x051d591d
                                            0x05231035
                                            0x0523103c
                                            0x0523103f
                                            0x05231056
                                            0x05231056
                                            0x051d593b

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f17d7c55126708744d06dd537df92096224f65b67ec158e44213d5e7c2486532
                                            • Instruction ID: 63e72b2a380fac882f0998f74fb3d37ede1b17bb33d34052b25e5b3e709eaed5
                                            • Opcode Fuzzy Hash: f17d7c55126708744d06dd537df92096224f65b67ec158e44213d5e7c2486532
                                            • Instruction Fuzzy Hash: 6501F731B141049BC71CDB25DD459AFBBBAEF40270F8A0069EC05A7241EF70ED02CA60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0528FE3F Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E0528FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x52cd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0521FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E051F7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0521B640(E05219AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                            0x0528fe3f
                                            0x0528fe3f
                                            0x0528fe4e
                                            0x0528fe58
                                            0x0528fe5d
                                            0x0528fe5f
                                            0x0528fe6a
                                            0x0528fe72
                                            0x0528fe75
                                            0x0528fe78
                                            0x0528fe83
                                            0x0528fe95
                                            0x0528fe85
                                            0x0528fe8e
                                            0x0528fe8e
                                            0x0528fea0
                                            0x0528fea1
                                            0x0528fea3
                                            0x0528fea8
                                            0x0528febd

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1f76316eac1e9b98b828eca2e0ab956d76256f5f3f79cdd1824a004490d1eb81
                                            • Instruction ID: ee7a871672ff5a423e3f781b05e4450ef979230b848dfd1e455bdba08f7ea81c
                                            • Opcode Fuzzy Hash: 1f76316eac1e9b98b828eca2e0ab956d76256f5f3f79cdd1824a004490d1eb81
                                            • Instruction Fuzzy Hash: E3018471F11248ABCB14EFA9D845FAFBBB8EF44710F004066BD04AB381DA749901C7A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0528FEC0 Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E0528FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x52cd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0521FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E051F7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0521B640(E05219AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                            0x0528fec0
                                            0x0528fec0
                                            0x0528fecf
                                            0x0528fed9
                                            0x0528fede
                                            0x0528fee0
                                            0x0528feeb
                                            0x0528fef3
                                            0x0528fef6
                                            0x0528fef9
                                            0x0528ff04
                                            0x0528ff16
                                            0x0528ff06
                                            0x0528ff0f
                                            0x0528ff0f
                                            0x0528ff21
                                            0x0528ff22
                                            0x0528ff24
                                            0x0528ff29
                                            0x0528ff3e

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c01063b1ee6c3f9485293d9115fefde385aef47eec0aefc722203a0d1f953033
                                            • Instruction ID: 92b493037b7c225f8d18ffee95a2afc64df26d110d1736d993699a2dae15849c
                                            • Opcode Fuzzy Hash: c01063b1ee6c3f9485293d9115fefde385aef47eec0aefc722203a0d1f953033
                                            • Instruction Fuzzy Hash: 7501D471A11248ABCB14EBA8D849FAFBBB8EF54700F004066B900AB3C0EA749A41C794
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051EB02A Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051EB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E051F7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E05257016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                            0x051eb037
                                            0x051eb039
                                            0x051eb03b
                                            0x051eb040
                                            0x0523a60e
                                            0x00000000
                                            0x00000000
                                            0x0523a61d
                                            0x051eb04b
                                            0x051eb04e
                                            0x0523a627
                                            0x0523a634
                                            0x00000000
                                            0x00000000
                                            0x0523a641
                                            0x0523a653
                                            0x0523a643
                                            0x0523a64c
                                            0x0523a64c
                                            0x0523a65b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0523a66c
                                            0x051eb057
                                            0x051eb057
                                            0x051eb057
                                            0x051eb046
                                            0x051eb046
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                            • Instruction ID: 940f5b9b8c8c0a69a4feaeb20efe6442a06fa92f3b4fc3dd8175f9bfaa3f352a
                                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                            • Instruction Fuzzy Hash: 35017C722199849FD726C75CC988F7677E9FF45750F0900B1EA1ACBAA1D768EC40C620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A1074 Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E052A1074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E052A165E(__ebx, 0x52c8ae4, (__edx -  *0x52c8b04 >> 0x14) + (__edx -  *0x52c8b04 >> 0x14), __edi, __ecx, (__edx -  *0x52c8b04 >> 0x14) + (__edx -  *0x52c8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0529AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E051F7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0528FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                            0x052a1074
                                            0x052a1080
                                            0x052a1082
                                            0x052a108a
                                            0x052a108f
                                            0x052a1093
                                            0x052a10ab
                                            0x052a10ab
                                            0x052a10c3
                                            0x052a10cf
                                            0x052a10e1
                                            0x052a10d1
                                            0x052a10da
                                            0x052a10da
                                            0x052a10e9
                                            0x052a10f5
                                            0x052a10f5
                                            0x052a10fe

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e3023ea1765c18b88cba763e107b021a002cf340c0e8e5171c7fd5533459171a
                                            • Instruction ID: e58110e262342e591aa403d4baef51bad1f4cdb9b99499921f4cddfa709b21a2
                                            • Opcode Fuzzy Hash: e3023ea1765c18b88cba763e107b021a002cf340c0e8e5171c7fd5533459171a
                                            • Instruction Fuzzy Hash: E801F5736287429BC710EB68C944A1A7BE5BF84320F04C619F98683291EF71D450CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A8ED6 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 54%
                                            			E052A8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x52cd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E051F7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0521B640(E05219AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                            0x052a8ed6
                                            0x052a8ee5
                                            0x052a8eed
                                            0x052a8ef0
                                            0x052a8efa
                                            0x052a8f03
                                            0x052a8f0c
                                            0x052a8f15
                                            0x052a8f24
                                            0x052a8f27
                                            0x052a8f31
                                            0x052a8f43
                                            0x052a8f33
                                            0x052a8f3c
                                            0x052a8f3c
                                            0x052a8f4e
                                            0x052a8f4f
                                            0x052a8f51
                                            0x052a8f56
                                            0x052a8f69

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 849bf5cd05bacf0e6198f359c7f5091cd014972ab38dbd434dabb48670727740
                                            • Instruction ID: 70257ad23f38eb67fd37206c6c2870161bd611ec755b03a12a859af44911f2c6
                                            • Opcode Fuzzy Hash: 849bf5cd05bacf0e6198f359c7f5091cd014972ab38dbd434dabb48670727740
                                            • Instruction Fuzzy Hash: AB111E71A102499FDB04DFA8D445BAEBBF4FF08300F5442AAE919EB382E6349940CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A8A62 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 54%
                                            			E052A8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x52cd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E051F7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0521B640(E05219AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                            0x052a8a62
                                            0x052a8a71
                                            0x052a8a79
                                            0x052a8a82
                                            0x052a8a85
                                            0x052a8a89
                                            0x052a8a8c
                                            0x052a8a8f
                                            0x052a8a92
                                            0x052a8a95
                                            0x052a8a9f
                                            0x052a8ab1
                                            0x052a8aa1
                                            0x052a8aaa
                                            0x052a8aaa
                                            0x052a8abc
                                            0x052a8abd
                                            0x052a8abf
                                            0x052a8ac4
                                            0x052a8ada

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ac96e33df59c51ecc44ce8db41ab54afa6f56604486463d3dd5ad4bc3a2b3b46
                                            • Instruction ID: b846a6bce2290b03770931a82c54e44b0629bccc03c01f37a71cccfa57d16643
                                            • Opcode Fuzzy Hash: ac96e33df59c51ecc44ce8db41ab54afa6f56604486463d3dd5ad4bc3a2b3b46
                                            • Instruction Fuzzy Hash: 06012176A1021D9FCB04DFA9D9459AEBBF8FF58310F10405AFA05E7341D634AD01CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DDB60 Relevance: .0, Instructions: 43COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051DDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E051DDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E051DE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L051DE8B0(__ecx, _t14, 0xfff);
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                            0x051ddb64
                                            0x051ddb66
                                            0x051ddb6b
                                            0x051ddbaa
                                            0x051ddb71
                                            0x051ddb76
                                            0x051ddb7a
                                            0x051ddba3
                                            0x051ddb7c
                                            0x051ddb87
                                            0x051ddb8b
                                            0x05234fa1
                                            0x05234fb3
                                            0x05234fb8
                                            0x051ddb91
                                            0x051ddb96
                                            0x051ddb98
                                            0x051ddb98
                                            0x051ddb8b
                                            0x051ddb7a
                                            0x051ddb9d
                                            0x051ddba2

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                            • Instruction ID: 6942451198c5daf1c1d8b823b00179bfd5e32db73be89b93c0dbe2c436b5d6a0
                                            • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                            • Instruction Fuzzy Hash: E7F0F6333456229BD7326A5598C8F6BF69A9FC3A65F160035F2059B344CBA09C0287F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DB1E1 Relevance: .0, Instructions: 42COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051DB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E051F7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E051F7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E05257016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                            0x051db1e8
                                            0x051db1ea
                                            0x051db1f3
                                            0x05234a17
                                            0x051db1f9
                                            0x051db1f9
                                            0x051db1f9
                                            0x051db201
                                            0x05234a21
                                            0x05234a2e
                                            0x00000000
                                            0x00000000
                                            0x05234a3b
                                            0x05234a4d
                                            0x05234a3d
                                            0x05234a46
                                            0x05234a46
                                            0x05234a55
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051db20a
                                            0x051db20a
                                            0x051db20a
                                            0x051db20a

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                            • Instruction ID: 44567de3b9641d1b63301c8e8eb92760b79f54f6e3fa254f0138975ba45deff0
                                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                            • Instruction Fuzzy Hash: 4B01D1333186809BD722A759C808F69BB9AFF81750F0A00A1FE168B6B2D778D800C764
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0526FE87 Relevance: .0, Instructions: 38COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 46%
                                            			E0526FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x52cd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E051F7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0521B640(E05219AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                            0x0526fe96
                                            0x0526fe9e
                                            0x0526fea1
                                            0x0526fead
                                            0x0526feb3
                                            0x0526feb9
                                            0x0526fec3
                                            0x0526fed5
                                            0x0526fec5
                                            0x0526fece
                                            0x0526fece
                                            0x0526fee0
                                            0x0526fee1
                                            0x0526fee3
                                            0x0526fee8
                                            0x0526fefb

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 193487183364d50f9576eb83023b317cb2e33eec1112569e0d4c171bd8168b0a
                                            • Instruction ID: f45dbe59b84f83785a405cb169c45b3e3d921b61b72953bc34a5ae39e162da00
                                            • Opcode Fuzzy Hash: 193487183364d50f9576eb83023b317cb2e33eec1112569e0d4c171bd8168b0a
                                            • Instruction Fuzzy Hash: C8016271A10248AFCB14DFA8D546A6EBBF4FF08300F104169B945DB382DA35D901CB44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A8F6A Relevance: .0, Instructions: 36COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 48%
                                            			E052A8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x52cd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E051F7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0521B640(E05219AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                            0x052a8f6a
                                            0x052a8f79
                                            0x052a8f81
                                            0x052a8f84
                                            0x052a8f8b
                                            0x052a8f91
                                            0x052a8f94
                                            0x052a8f9e
                                            0x052a8fb0
                                            0x052a8fa0
                                            0x052a8fa9
                                            0x052a8fa9
                                            0x052a8fbb
                                            0x052a8fbc
                                            0x052a8fbe
                                            0x052a8fc3
                                            0x052a8fd6

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bf645f3260944a90b3896be4f1ad18f7e08eb6be0e10260484591d350ec2a33c
                                            • Instruction ID: d343ef644190d5b2fb98c41265770c43bd5f209a5fab487fc6a7cae4e1e97b69
                                            • Opcode Fuzzy Hash: bf645f3260944a90b3896be4f1ad18f7e08eb6be0e10260484591d350ec2a33c
                                            • Instruction Fuzzy Hash: 7C014475A1024DAFCB04DFA8D549AAEB7F4FF58300F504059B945EB381DA74DA00CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0529131B Relevance: .0, Instructions: 36COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 48%
                                            			E0529131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x52cd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E051F7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0521B640(E05219AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                            0x0529131b
                                            0x0529132a
                                            0x05291330
                                            0x05291336
                                            0x0529133e
                                            0x05291341
                                            0x05291344
                                            0x0529134f
                                            0x05291361
                                            0x05291351
                                            0x0529135a
                                            0x0529135a
                                            0x0529136c
                                            0x0529136d
                                            0x0529136f
                                            0x05291374
                                            0x05291387

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d862041f9095850c144ae0aaf11910a7b0e6970a52dd75c630084f0d373d6114
                                            • Instruction ID: dc4a708984664fc8b7ae5c891b2c9d5bcd0fd8cf114f02acb5bf4973e6cb3e9a
                                            • Opcode Fuzzy Hash: d862041f9095850c144ae0aaf11910a7b0e6970a52dd75c630084f0d373d6114
                                            • Instruction Fuzzy Hash: 48018170E10248AFCB04DFA9D509AAEB7F4FF08300F404059BC45EB381E6349A00CB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05291608 Relevance: .0, Instructions: 34COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 46%
                                            			E05291608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x52cd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E051F7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0521B640(E05219AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                            0x05291608
                                            0x05291617
                                            0x0529161d
                                            0x05291625
                                            0x05291628
                                            0x0529162b
                                            0x05291636
                                            0x05291648
                                            0x05291638
                                            0x05291641
                                            0x05291641
                                            0x05291653
                                            0x05291654
                                            0x05291656
                                            0x0529165b
                                            0x0529166e

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 78f33a0e62d998f6dfae1b4840ee8974a4dd2a6125a1eb2dc114ab7a14c6739f
                                            • Instruction ID: 8e61376d2630ee1bb165b92f536f08ea8b07ac78ac9ec6c290a17a814200d704
                                            • Opcode Fuzzy Hash: 78f33a0e62d998f6dfae1b4840ee8974a4dd2a6125a1eb2dc114ab7a14c6739f
                                            • Instruction Fuzzy Hash: 31F06271E14248EFCB04DFA9D40AA6FBBF4FF18300F444069B905EB381EA349900CB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051FC577 Relevance: .0, Instructions: 33COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051FC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E051FC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x51b11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E052A88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                            0x051fc577
                                            0x051fc57d
                                            0x051fc581
                                            0x051fc5b5
                                            0x051fc5b9
                                            0x051fc5ce
                                            0x051fc5ce
                                            0x051fc5ca
                                            0x00000000
                                            0x051fc5ca
                                            0x051fc5c4
                                            0x051fc5c8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x051fc5ad
                                            0x00000000
                                            0x051fc5af

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 960ac6007cfcbb162fe50cf89c4e7c3301a28344a5e6ba9c7312b83e0283f967
                                            • Instruction ID: c10bb61dd9c213886e58755684b9f82c244d41cfbf8608b5fc82dd23721de72a
                                            • Opcode Fuzzy Hash: 960ac6007cfcbb162fe50cf89c4e7c3301a28344a5e6ba9c7312b83e0283f967
                                            • Instruction Fuzzy Hash: 7EF06DB2B1D6A89ED735C664C10CB217BE5AB05768F494566D60687122C7A4DC80EBD0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A8D34 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 43%
                                            			E052A8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x52cd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E051F7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0521B640(E05219AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                            0x052a8d34
                                            0x052a8d43
                                            0x052a8d4b
                                            0x052a8d4e
                                            0x052a8d52
                                            0x052a8d5c
                                            0x052a8d6e
                                            0x052a8d5e
                                            0x052a8d67
                                            0x052a8d67
                                            0x052a8d79
                                            0x052a8d7a
                                            0x052a8d7c
                                            0x052a8d81
                                            0x052a8d94

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 187c24016a547c38208f13f3396611a0fe7ac72271629bf05eafdc5ee7d48d1c
                                            • Instruction ID: 9270e6b9d6250ebdcabea7ac7c55379f217ae35bedc1cb0c3453faa7734531db
                                            • Opcode Fuzzy Hash: 187c24016a547c38208f13f3396611a0fe7ac72271629bf05eafdc5ee7d48d1c
                                            • Instruction Fuzzy Hash: 37F0B470A246489FC704EFB8D445A6E77B4FF18300F5080A9F905EB281DA34D900CB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05292073 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E05292073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0528FD22(__ecx);
				_t19 =  *0x52c849c - _t3; // 0x5fa96119
				if(_t19 == 0) {
					__eflags = _t17 -  *0x52c8748; // 0x0
					if(__eflags <= 0) {
						E05291C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x52c8724 & 0x00000004;
							if(( *0x52c8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x52c8724; // 0x0
					return E05288DF1(__ebx, 0xc0000374, 0x52c5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                            0x05292076
                                            0x05292078
                                            0x0529207d
                                            0x05292083
                                            0x052920a4
                                            0x052920aa
                                            0x052920ac
                                            0x052920b7
                                            0x052920ba
                                            0x052920bc
                                            0x052920c9
                                            0x052920c9
                                            0x052920d0
                                            0x052920d2
                                            0x00000000
                                            0x052920d2
                                            0x052920be
                                            0x052920c3
                                            0x052920c5
                                            0x052920c7
                                            0x00000000
                                            0x00000000
                                            0x052920c7
                                            0x052920bc
                                            0x052920d4
                                            0x05292085
                                            0x05292085
                                            0x052920a3
                                            0x052920a3

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 28708ff646f8c886714cecc15d8fbc9f57a3aeabb1b53fea895c120eb5e8d8cc
                                            • Instruction ID: 746301736341e353a23c1e4d213127937a6f658246266cd41d73edc293d4e170
                                            • Opcode Fuzzy Hash: 28708ff646f8c886714cecc15d8fbc9f57a3aeabb1b53fea895c120eb5e8d8cc
                                            • Instruction Fuzzy Hash: 2DF05C7F536286DACF3AAB34310E7F23F91EF55210F495485E45527342C8358887CB21
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0521927A Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 54%
                                            			E0521927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0521FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E052192C6(_t11, _t14);
				}
				return _t11;
			}





                                            0x05219295
                                            0x05219299
                                            0x0521929f
                                            0x052192aa
                                            0x052192ad
                                            0x052192ae
                                            0x052192af
                                            0x052192b0
                                            0x052192b4
                                            0x052192bb
                                            0x052192bb
                                            0x052192c5

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                            • Instruction ID: 0c51a2167376e72054be52e22f3b423ad5222d5c24f309c33f652c2cbc1cd6b0
                                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                            • Instruction Fuzzy Hash: ADE022323506002BEB219E0ACC88F0337ADEF92730F004078B9041E282CAEADD08C7A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051F746D Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E051F746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E051EEB70(__ecx, 0x52c79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E052195D0();
							L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                            0x051f746d
                                            0x051f746d
                                            0x051f746d
                                            0x051f7471
                                            0x051f7488
                                            0x0523f92d
                                            0x051f748e
                                            0x051f7491
                                            0x051f7495
                                            0x0523f937
                                            0x0523f93a
                                            0x0523f94e
                                            0x0523f953
                                            0x0523f956
                                            0x0523f956
                                            0x051f7495
                                            0x00000000
                                            0x051f7488
                                            0x051f7473
                                            0x051f7478
                                            0x051f747d
                                            0x051f7481
                                            0x00000000
                                            0x051f7481
                                            0x051f747d
                                            0x051f747a
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4f14cfd0be807aa271a7162cc96f368b9a3d220c7526c44dc92fc186966568c8
                                            • Instruction ID: f5d4cedf99acd83e85e0a3e2fba37b03fdadb70e11ea44bdaa26e63c0a6fd5a8
                                            • Opcode Fuzzy Hash: 4f14cfd0be807aa271a7162cc96f368b9a3d220c7526c44dc92fc186966568c8
                                            • Instruction Fuzzy Hash: E7F05E34A64145AACF15DB68C980F7AFBA2FF04250F050259DA52AB1E1F7699C02CB95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A8CD6 Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 36%
                                            			E052A8CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x52cd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E051F7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0521B640(E05219AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                            0x052a8ce5
                                            0x052a8ced
                                            0x052a8cf0
                                            0x052a8cfb
                                            0x052a8d0d
                                            0x052a8cfd
                                            0x052a8d06
                                            0x052a8d06
                                            0x052a8d18
                                            0x052a8d19
                                            0x052a8d1b
                                            0x052a8d20
                                            0x052a8d33

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 04f713b3657c351dd79ab7284234654b91f6a30579209f37bce09c281ae99760
                                            • Instruction ID: c47f86ae4ec201fc687409bb1ec392574240654f80a2438d4ac13fd19dbeb322
                                            • Opcode Fuzzy Hash: 04f713b3657c351dd79ab7284234654b91f6a30579209f37bce09c281ae99760
                                            • Instruction Fuzzy Hash: 0EF08271A14648ABCB04DBB8E94AE6E7BB8EF58300F500199F916EB2C1EA34D904C758
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051D4F2E Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051D4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E052A88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E051FC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x51b1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                            0x051d4f2e
                                            0x051d4f34
                                            0x051d4f38
                                            0x05230b85
                                            0x05230b85
                                            0x05230b89
                                            0x05230b9a
                                            0x05230b9a
                                            0x05230b9f
                                            0x00000000
                                            0x05230b9f
                                            0x05230b94
                                            0x05230b98
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x05230b98
                                            0x051d4f3e
                                            0x051d4f48
                                            0x00000000
                                            0x051d4f6e
                                            0x00000000
                                            0x051d4f70

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d9d5935215e0ac2c216f9697d53776327f262869e8219faabcfe3a6456775aca
                                            • Instruction ID: d1f699c4e41bc3f5430f43480406e432a429af36eb9b41daba97d922627a310e
                                            • Opcode Fuzzy Hash: d9d5935215e0ac2c216f9697d53776327f262869e8219faabcfe3a6456775aca
                                            • Instruction Fuzzy Hash: 6FF0BEB2A3968A9FD770C718C288F22B7E6BF04778F054465D40A87921C768EC40C6A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052A8B58 Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 36%
                                            			E052A8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x52cd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E051F7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0521B640(E05219AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                            0x052a8b67
                                            0x052a8b6f
                                            0x052a8b72
                                            0x052a8b7d
                                            0x052a8b8f
                                            0x052a8b7f
                                            0x052a8b88
                                            0x052a8b88
                                            0x052a8b9a
                                            0x052a8b9b
                                            0x052a8b9d
                                            0x052a8ba2
                                            0x052a8bb5

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 571ffd77f070f9bba5eedd419fc2814b974657fb137dd6116723d024f972687d
                                            • Instruction ID: 9b63ad114f03fb76fe4dbadc0a79924a70060e0a7ea07e61ffea7c9194ab73d1
                                            • Opcode Fuzzy Hash: 571ffd77f070f9bba5eedd419fc2814b974657fb137dd6116723d024f972687d
                                            • Instruction Fuzzy Hash: 18F082B1B24258ABDB04EBA8D90AE6F77B8FF04300F540459BA05DB3C1EB74D901C798
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520A44B Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0520A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x52c7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0521FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                            0x0520a44b
                                            0x0520a453
                                            0x0520a472
                                            0x0520a476
                                            0x00000000
                                            0x0520a493
                                            0x0520a47a
                                            0x0520a47f
                                            0x0520a486
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5036b1672fe938f2b8585fd2ae820876b42e01b223bfa1b3dda48d7ec6fe5a6b
                                            • Instruction ID: b9adddd867614b6262ae0da96dbe1fb92792f4d71c2abdf963003b4d0c2c31d7
                                            • Opcode Fuzzy Hash: 5036b1672fe938f2b8585fd2ae820876b42e01b223bfa1b3dda48d7ec6fe5a6b
                                            • Instruction Fuzzy Hash: 87E09272B62421ABD3119E18BC04F6777ADFFE4651F094039F909C7251DA68DD01C7E0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DF358 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E051DF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0520F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L051F4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                            0x051df35d
                                            0x051df361
                                            0x051df367
                                            0x051df372
                                            0x051df38c
                                            0x051df38c
                                            0x051df394

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                            • Instruction ID: 3f0559de51aff9669aa2cc08040301a07e7ccc773a4cea42d21233205ad942b5
                                            • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                            • Instruction Fuzzy Hash: 0CE0DF32A41118BBCB35ABD99E09FABBBACEB48A60F050195BE05D7190D6649E00C3E0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051EFF60 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051EFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x51b11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E052A88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E051F0050(_t14);
				}
			}










                                            0x051eff66
                                            0x051eff6b
                                            0x00000000
                                            0x051eff8f
                                            0x00000000
                                            0x051eff8f

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5ebb7403eee6993c9db8784bd7bd6d17914d6aacb6564efce0e4030bc8773c26
                                            • Instruction ID: 366bd70c568b8f5c21a13b54456d47bca2ce26493edc97fef52f20ef26dca11f
                                            • Opcode Fuzzy Hash: 5ebb7403eee6993c9db8784bd7bd6d17914d6aacb6564efce0e4030bc8773c26
                                            • Instruction Fuzzy Hash: A9E0DFB32096849FDB34DBA1D154F3537A9AF4A721F1E801EE8094B102D72AD882C20A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052641E8 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E052641E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x52b08f0);
				_t5 = E0522D08C(__ebx, __edi, __esi);
				if( *0x52c87ec == 0) {
					E051EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x52c87ec == 0) {
						 *0x52c87f0 = 0x52c87ec;
						 *0x52c87ec = 0x52c87ec;
						 *0x52c87e8 = 0x52c87e4;
						 *0x52c87e4 = 0x52c87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L05264248();
				}
				return E0522D0D1(_t5);
			}





                                            0x052641e8
                                            0x052641ea
                                            0x052641ef
                                            0x052641fb
                                            0x05264206
                                            0x0526420b
                                            0x05264216
                                            0x0526421d
                                            0x05264222
                                            0x0526422c
                                            0x05264231
                                            0x05264231
                                            0x05264236
                                            0x0526423d
                                            0x0526423d
                                            0x05264247

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 02a9f2a523cc050ddbc418fa9dd836deb5f92af3d3864e46ab06c79cd8b84685
                                            • Instruction ID: 644680a736c765a4f141863e70e270600b66444232547f1079694eca485e594a
                                            • Opcode Fuzzy Hash: 02a9f2a523cc050ddbc418fa9dd836deb5f92af3d3864e46ab06c79cd8b84685
                                            • Instruction Fuzzy Hash: 86F0157EA71780DECBA0EFA8E54E7143EB4FF44310F91825AA044AB2D6EB744589CF41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0528D380 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0528D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L051DE8B0(__ecx, _a4, 0xfff);
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                            0x0528d38a
                                            0x0528d39b
                                            0x0528d3b1
                                            0x00000000
                                            0x0528d3b6
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                            • Instruction ID: 7e4f9978dd505c884567103de37b25e29c3ea0a7a79380b8109492358bc1bba8
                                            • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                            • Instruction Fuzzy Hash: 59E0C231391244BBDB227E84CC04FB9BB1AEF407A1F104031FE085A6D1C671AC91DAD4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0520A185 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0520A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x52c67e4 >= 0xa) {
					if(_t5 < 0x52c6800 || _t5 >= 0x52c6900) {
						return L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E051F0010(0x52c67e0, _t5);
				}
			}





                                            0x0520a190
                                            0x0520a1a6
                                            0x0520a1c2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0520a192
                                            0x0520a192
                                            0x0520a19f
                                            0x0520a19f

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 191c0098959668dc7590d86f61984b55c5df639b59d7caf2e36fc755859cf02a
                                            • Instruction ID: b05dbf3f1d2e51aa3b72188977c4e3c5b23287f7116001e40538259c4b10bb47
                                            • Opcode Fuzzy Hash: 191c0098959668dc7590d86f61984b55c5df639b59d7caf2e36fc755859cf02a
                                            • Instruction Fuzzy Hash: AAD02B212321403AC71CA3489C9CB213A36EF88700FF00A4CF2030E5D3DFA0A8D88248
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052016E0 Relevance: .0, Instructions: 17COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E052016E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E05201710(0x52c67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L051F4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                            0x052016e8
                                            0x052016ef
                                            0x052016f3
                                            0x052016fe
                                            0x00000000
                                            0x05201700
                                            0x0520170d
                                            0x0520170d
                                            0x052016f2
                                            0x052016f2
                                            0x052016f2
                                            0x052016f2

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 33ae48934806a2e74c1a6e514f8af157dc73994463666327678775feb2dd1b81
                                            • Instruction ID: 4a01ffc367188550022882894c2e205f920185bdc92b2700330fc65e7499fbb2
                                            • Opcode Fuzzy Hash: 33ae48934806a2e74c1a6e514f8af157dc73994463666327678775feb2dd1b81
                                            • Instruction Fuzzy Hash: 9ED0A931222241A6DF2D5B18DC48B252262FF80B91F3810ACF20B498D3CFE0DDB2E048
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052553CA Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E052553CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E051EEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                            0x052553ca
                                            0x052553ce
                                            0x052553d9
                                            0x052553de
                                            0x052553e1
                                            0x052553e1
                                            0x052553e6
                                            0x052553f3
                                            0x00000000
                                            0x052553f8
                                            0x052553fb

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                            • Instruction ID: 23f81ed9254ff35da6b9930ea7d24b31a1936f0430c446fd2680f8e3e5fa1962
                                            • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                            • Instruction Fuzzy Hash: D3E08C31A54680ABCF16EB48C694F4EB7F9FF44B00F180004A50D5B661C734AC00CB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052035A1 Relevance: .0, Instructions: 12COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E052035A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E051EEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                            0x052035a1
                                            0x052035a1
                                            0x052035a5
                                            0x052035ab
                                            0x052035ab
                                            0x052035b5
                                            0x00000000
                                            0x052035c1
                                            0x052035b7

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                            • Instruction ID: 2d115e492f281e982a6e9fb46e3664f7f65177dced830db06462d856ef7ebd75
                                            • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                            • Instruction Fuzzy Hash: BED0A77157758199DB01EB10C1287E83B76BF18206F5838558006054F3C335490DC700
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051EAAB0 Relevance: .0, Instructions: 12COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051EAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                            0x051eaab6
                                            0x051eaabb
                                            0x0523a442
                                            0x00000000
                                            0x0523a448
                                            0x0523a454
                                            0x0523a454
                                            0x051eaac1
                                            0x051eaac1
                                            0x051eaac6
                                            0x051eaac6

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                            • Instruction ID: 5da6e1e7de4c288cacc83af7fa914ab3dab8bd3668ecbc2d81e323606379487d
                                            • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                            • Instruction Fuzzy Hash: B7D0E975352E81CFD71ACB1DC559B1573A5BF44B44FC504A0E545CB761E72CD954CA00
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0525A537 Relevance: .0, Instructions: 11COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0525A537(intOrPtr _a4, intOrPtr _a8) {

				return L051F8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                            0x0525a553

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                            • Instruction ID: c0b6e17e58053c307c6bf337b4ad3aaecbc8eca819ace95f36952ffad2f81070
                                            • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                            • Instruction Fuzzy Hash: 4AC08C33180648BBCF126F81CC00F467F2AFB94B60F008010FA080B572C632E9B0EB84
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DDB40 Relevance: .0, Instructions: 11COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051DDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L051F4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                            0x051ddb4d
                                            0x051ddb54
                                            0x051ddb5f
                                            0x051ddb56
                                            0x051ddb56
                                            0x051ddb5c
                                            0x051ddb5c

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                            • Instruction ID: 6c51f85c2c7d3f868b622a1d3df7b42491607061e64bb29a0dbeb61aadb53f94
                                            • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                            • Instruction Fuzzy Hash: 58C08C31380A40AAEF221F20CD01B0176A0BB01B05F8400A06301DA0F0DBB8E901E610
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051DAD30 Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051DAD30(intOrPtr _a4) {

				return L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                            0x051dad49

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                            • Instruction ID: 6b7fb56fdf5243c6c4192c28578acfa72c489252bc42fcc9762f08c0c99c1cb8
                                            • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                            • Instruction Fuzzy Hash: F3C08C32180248BBC7126A45CD04F017B29E790B60F000020B6040A6A28A32E861D688
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052036CC Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E052036CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L051F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                            0x052036d2
                                            0x052036e8
                                            0x052036d4
                                            0x052036e5
                                            0x052036e5

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                            • Instruction ID: 69346a722634c7e92765771e13a17d3379b4261a8940b32e1b0b67f5c552edb1
                                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                            • Instruction Fuzzy Hash: 54C02B70361440BBDF155F30CD00F157294FB10B31F6407547320454F1D668DC00D204
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051E76E2 Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051E76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L051F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                            0x051e76e4
                                            0x00000000
                                            0x051e76f8
                                            0x051e76fd

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                            • Instruction ID: 70290b7a05846f457f7525971c10a1019506db2571aa36eaf77ef885298f849e
                                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                            • Instruction Fuzzy Hash: 35C08C702519C05AFB2E6B08CE28F303650FB0D60CF88029CAA02094E2C368B843C208
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051F3A1C Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051F3A1C(intOrPtr _a4) {
				void* _t5;

				return L051F4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                            0x051f3a35

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                            • Instruction ID: ff26f9d1a60a36ea7974a7ca1cdf637ac51f22ac152c3b4f3b8d971392c5ec94
                                            • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                            • Instruction Fuzzy Hash: 5FC04C32180648BBCB126E45DD05F167B69E794B60F154021B7040A5618676ED61D698
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 051F7D50 Relevance: .0, Instructions: 7COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E051F7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                            0x051f7d56
                                            0x051f7d5b
                                            0x051f7d60
                                            0x051f7d5d
                                            0x051f7d5d
                                            0x051f7d5d

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                            • Instruction ID: 6e2d6ea9feb0eb0b9489b8b0dc71aa655e3dc678f1e9e7e3e698cc02ab3aa7c4
                                            • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                            • Instruction Fuzzy Hash: D2B092383019408FCE16DF18C180F2533E4FB84A40B8400D0E400CBA20D329E8008A00
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05202ACB Relevance: .0, Instructions: 5COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E05202ACB() {
				void* _t5;

				return E051EEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                            0x05202adc

                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                            • Instruction ID: 46c7291cc8a8f9901565c7d3ad984389ecf49b5807fe71f6c327cedaffdec185
                                            • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                            • Instruction Fuzzy Hash: 37B01232D50840CFCF02EF40C650B197335FB00750F094590900127931C328AC01CB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c6a5c57510ed25d6c952a562e27bd546e0328e8d889d07bc58481ea89974c90e
                                            • Instruction ID: 56f12fad136ab299b85d14e80b3b225d97421568beb118720e442f0d5e1c9832
                                            • Opcode Fuzzy Hash: c6a5c57510ed25d6c952a562e27bd546e0328e8d889d07bc58481ea89974c90e
                                            • Instruction Fuzzy Hash: 929002F6211150A24500A2698444B0A45159BE0251BA1C016E5084560CC5A58852A175
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0521AD30 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 22f19eaf609030fe0e4bd0a8bd65f38c4d04f4c701b2084fe2842bcf31d884a6
                                            • Instruction ID: 4d3f89f53cd165beffe1383f1dd19edd6ee3aa1ca8f937d8da37473d64d29492
                                            • Opcode Fuzzy Hash: 22f19eaf609030fe0e4bd0a8bd65f38c4d04f4c701b2084fe2842bcf31d884a6
                                            • Instruction Fuzzy Hash: 43900276A15010229140716948546464016ABE0791BA5C011A4544554C89D48A5663E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219560 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c229b58f09949ea6321709602c46dd957db9022c26d36e1e5d24abbe9da4cb61
                                            • Instruction ID: 6bf8ba25af7f5d1da0605d383b6a1a698f33fb804cd82baf98bf04443aff8f99
                                            • Opcode Fuzzy Hash: c229b58f09949ea6321709602c46dd957db9022c26d36e1e5d24abbe9da4cb61
                                            • Instruction Fuzzy Hash: AE90027A231010120145A569064450B0455ABD63A13E1C015F5446590CC6A188666361
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052195F0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c25fcc481b00a74aa7b9b5d6741a8839e9d65997e85093d5fde8305daa6c53eb
                                            • Instruction ID: 018f943c93570f8a5e415b659c4ff2ecb891a230583f605aedc1ac3b68c674a4
                                            • Opcode Fuzzy Hash: c25fcc481b00a74aa7b9b5d6741a8839e9d65997e85093d5fde8305daa6c53eb
                                            • Instruction Fuzzy Hash: 6D90027621101812D1046169484468600159BD0351FA1C011AA054655E96E588927171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219730 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d4f67335a88a1f7fb9d3ba90c4dfbb1e3995b783db3fa87909b5ea7934191191
                                            • Instruction ID: b14e9d33035f2994ec9c15745bfaa0ac80b7c037a3b53d709c286c678e02a736
                                            • Opcode Fuzzy Hash: d4f67335a88a1f7fb9d3ba90c4dfbb1e3995b783db3fa87909b5ea7934191191
                                            • Instruction Fuzzy Hash: A990027661501412D1407169545870600259BD0251FA1D011A4054554DC6D98A5676E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0521A710 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 582ba08bf04d923e171f13163882aa7b708a549bd11a75c3a9ca675f66bf7033
                                            • Instruction ID: 627a551d88f3c9d127582923b8e2d65d3a4d8b3530b699fea269704e5c15021a
                                            • Opcode Fuzzy Hash: 582ba08bf04d923e171f13163882aa7b708a549bd11a75c3a9ca675f66bf7033
                                            • Instruction Fuzzy Hash: 3C900276311010629500A6A95844A4A41159BF0351BA1D015A8044554C85D488626161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219760 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1e64f79755c6f35bdf59f99aef03c02f72af6d641036a6b46cd44e7b29d34151
                                            • Instruction ID: bb18f9bc81d72f9b22df59fcb34753046545415838c3f16e573f91ad1e860ab7
                                            • Opcode Fuzzy Hash: 1e64f79755c6f35bdf59f99aef03c02f72af6d641036a6b46cd44e7b29d34151
                                            • Instruction Fuzzy Hash: E890027621101413D1006169554870700159BD0251FA1D411A4454558DD6D688527161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219770 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0364528773af97b3685e9a0bd2fa0104597d6a9e6c8551f00e03a19912a1a783
                                            • Instruction ID: 99dfec72b6048e82f1aa23ae6caf0e7c239ab2d6cf24fe3b291651a39f4b32ea
                                            • Opcode Fuzzy Hash: 0364528773af97b3685e9a0bd2fa0104597d6a9e6c8551f00e03a19912a1a783
                                            • Instruction Fuzzy Hash: 5190027621505452D10065695448A0600159BD0255FA1D011A5094595DC6B58852B171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0521A770 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 494e3b02b2f21d4d20d9b6901ba4a3a4166a43742d80c2b75df8a8d46253dd8c
                                            • Instruction ID: 2625a2a125b12d2ae5f5584f07ef9ee16eb4e322b12d3f94e0a2fedbaa6f1438
                                            • Opcode Fuzzy Hash: 494e3b02b2f21d4d20d9b6901ba4a3a4166a43742d80c2b75df8a8d46253dd8c
                                            • Instruction Fuzzy Hash: CB90027A21505452D50065695844A8700159BD0355FA1D411A445459CD86D48862B161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219610 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c720221748ada74118eec0c26855c9362ab3510e63ea6c2377dfd90a046d515
                                            • Instruction ID: 5ff811d058dda7f253746a606505ec97f824dca61ec0baf4c4b8c383d2892e3f
                                            • Opcode Fuzzy Hash: 6c720221748ada74118eec0c26855c9362ab3510e63ea6c2377dfd90a046d515
                                            • Instruction Fuzzy Hash: 2290027661501812D1507169445474600159BD0351FA1C011A4054654D87D58A5676E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219650 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4b589191ff43ed13cce9ed9ceec6a8761049d194edb3df0da45a70a56ec9cfe1
                                            • Instruction ID: cdecf151f3290f59dd56f48799015274c5d8556845c5fb1b85b17b382cdb894f
                                            • Opcode Fuzzy Hash: 4b589191ff43ed13cce9ed9ceec6a8761049d194edb3df0da45a70a56ec9cfe1
                                            • Instruction Fuzzy Hash: AE90027621505852D14071694444A4600259BD0355FA1C011A4094694D96A58D56B6A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052196D0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 69b565f493a7aa3802e41c9060431471aa94530363387676097454b5bba60f77
                                            • Instruction ID: 99fd73112b4d52618ea225f44bc0e3170d5440b1bce46524c05425a61eb6757c
                                            • Opcode Fuzzy Hash: 69b565f493a7aa3802e41c9060431471aa94530363387676097454b5bba60f77
                                            • Instruction Fuzzy Hash: CB90027621101852D10061694444B4600159BE0351FA1C016A4154654D8695C8527561
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219950 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7314aa2e4996c255e2fe5adbef239833e6a95e7a2d8192fb23b8aa5de8b8d846
                                            • Instruction ID: e88123eeb47a41f51977cc73a4ecc4d5f109b0dc6ddec18cbec28132b95222ff
                                            • Opcode Fuzzy Hash: 7314aa2e4996c255e2fe5adbef239833e6a95e7a2d8192fb23b8aa5de8b8d846
                                            • Instruction Fuzzy Hash: 7A9002B621141413D1406569484460700159BD0352FA1C011A6094555E8AA98C527175
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052199D0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eb40089bf026a318f53342b9572987fe9103be89a744de02f76326640bad5b6f
                                            • Instruction ID: a0a30b71a0cca6481f0800198aaa8786da83dbef7d348ca05b0fbf7e08af3d4e
                                            • Opcode Fuzzy Hash: eb40089bf026a318f53342b9572987fe9103be89a744de02f76326640bad5b6f
                                            • Instruction Fuzzy Hash: 679002B622101052D1046169444470600559BE1251FA1C012A6184554CC5A98C626165
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219820 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4f8651b4f1163e1be9790a6510f34f7153389871392c69eda14588594ad110c3
                                            • Instruction ID: 685c5ee21137fed863663a009e86d47d68b2b25852f05aa0edf68ffbff64d0e2
                                            • Opcode Fuzzy Hash: 4f8651b4f1163e1be9790a6510f34f7153389871392c69eda14588594ad110c3
                                            • Instruction Fuzzy Hash: EA90027625101412D141716944446060019ABD0291FE1C012A4454554E86D58A57BAA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0521B040 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6b977b46c5ab3049496f19250eef08e99367f7335340f19179464e9b668cb081
                                            • Instruction ID: 08a39c015931808ddaec11c275c6056760957eb919462c063674f131006f1d83
                                            • Opcode Fuzzy Hash: 6b977b46c5ab3049496f19250eef08e99367f7335340f19179464e9b668cb081
                                            • Instruction Fuzzy Hash: 979002B6611150534540B16948444065025ABE13513E1C121A4484560C86E88856A2A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 052198A0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 541201312d1ea74f47efb07f2f0c9eb97858d83a9632ecc52813723be6da2b78
                                            • Instruction ID: 1a80bbd4c7e9327af7869ac891e1d005c8a09984076ec0fb802af79720b4b1f9
                                            • Opcode Fuzzy Hash: 541201312d1ea74f47efb07f2f0c9eb97858d83a9632ecc52813723be6da2b78
                                            • Instruction Fuzzy Hash: AC90027631101412D102616944546060019DBD1395FE1C012E5454555D86A58953B172
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219B00 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a292ce262215a35de558afdfc271e1b15325e01ce0ca5f777b04b2654e334359
                                            • Instruction ID: 7d80b238496504aaf58112d1386b5b0e3bb8f58db7705e1c27c04e5a12257312
                                            • Opcode Fuzzy Hash: a292ce262215a35de558afdfc271e1b15325e01ce0ca5f777b04b2654e334359
                                            • Instruction Fuzzy Hash: 0D90027625101812D140716984547070016DBD0651FA1C011A4054554D8696896676F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0521A3B0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b5ddb1ea91360ecf797b9a7cd8d2237445240405c45a6eb0aff8acf0d8268d3b
                                            • Instruction ID: 3bffc92b2e6388c8fc1c68f819be83e638050dc0854774c2fa71ac75e67cdd69
                                            • Opcode Fuzzy Hash: b5ddb1ea91360ecf797b9a7cd8d2237445240405c45a6eb0aff8acf0d8268d3b
                                            • Instruction Fuzzy Hash: 0990027621145012D1407169848460B5015ABE0351FA1C411E4455554C86958857A261
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219A10 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c73caad2aeb1f5d5baa8a8b3d94dfe1ef85e1c62e858a39840cec45f7692760f
                                            • Instruction ID: 7543ae50458b2ed6a816b7a320d865777a287630bfcdb585bdb46609c220d0fd
                                            • Opcode Fuzzy Hash: c73caad2aeb1f5d5baa8a8b3d94dfe1ef85e1c62e858a39840cec45f7692760f
                                            • Instruction Fuzzy Hash: D790027621141412D1006169484874700159BD0352FA1C011A9194555E86E5C8927571
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219A80 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8cb781d7155e34e66aeaae52e1317b2a263e219cf215592bacf7ce72bb91f73b
                                            • Instruction ID: 43aa19f2eb850df469edeebd201866c9f4883952550f06c0ad5cffd37d6a9651
                                            • Opcode Fuzzy Hash: 8cb781d7155e34e66aeaae52e1317b2a263e219cf215592bacf7ce72bb91f73b
                                            • Instruction Fuzzy Hash: 9790027621145452D14062694844B0F41159BE1252FE1C019A8186554CC99588566761
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 05219670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction ID: 12504bbd35910d37ae8cc7cbae8c8bbafb7d3dc9a38fc54de9b55ae49a77062c
                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction Fuzzy Hash:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0526FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E0526FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0521CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E05265720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E05265720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                            0x0526fdda
                                            0x0526fde2
                                            0x0526fde5
                                            0x0526fdec
                                            0x0526fdfa
                                            0x0526fdff
                                            0x0526fe0a
                                            0x0526fe0f
                                            0x0526fe17
                                            0x0526fe1e
                                            0x0526fe19
                                            0x0526fe19
                                            0x0526fe19
                                            0x0526fe20
                                            0x0526fe21
                                            0x0526fe22
                                            0x0526fe25
                                            0x0526fe40

                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0526FDFA
                                            Strings
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0526FE01
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0526FE2B
                                            Memory Dump Source
                                            • Source File: 00000009.00000002.564704309.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: true
                                            • Associated: 00000009.00000002.571969759.00000000052CB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            • Associated: 00000009.00000002.572038422.00000000052CF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_9_2_51b0000_vbc.jbxd
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                            • API String ID: 885266447-3903918235
                                            • Opcode ID: 3db965e3d502a52d5ea90b73d5c616f173bee5d136202a9a421e0c572439bd03
                                            • Instruction ID: 8e656702dbcce5a53d8dec8fcaf9f4de26ee9f1fc51ef545b13be32f3296ee96
                                            • Opcode Fuzzy Hash: 3db965e3d502a52d5ea90b73d5c616f173bee5d136202a9a421e0c572439bd03
                                            • Instruction Fuzzy Hash: 8CF0F636350601BFDA251A45DC46F23BF5AEF44730F140314F668565D1DA72F87096F5
                                            Uniqueness

                                            Uniqueness Score: -1.00%